
Infected with PUP.Optional.AZLyrics.A


  • This topic is locked
15 replies to this topic

#1 pferrari

pferrari

  • Members
  • 8 posts

Posted 12 January 2015 - 02:31 PM

Hello,

For the past two weeks I have come into my office and Malwarebytes is open telling me that PUP.Optional.AZLyrics.A was detected and quarantined.  My internet has been extremely slow since all of this.  I have read that just doing the malware scan and quarantine is not enough.  I need help to get rid of this from my computer please!

In Malwarebytes it says the location of the file was C:\Users\PFerrari\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.azlyrics.com-0.localstorage

 

DDS (Ver_2012-11-20.01) - NTFS_x86 
Internet Explorer: 11.0.9600.17496  BrowserJavaVersion: 10.71.2
Run by pFerrari at 13:52:42 on 2015-01-12
Microsoft Windows 7 Professional   6.1.7601.1.1252.1.1033.18.3570.1652 [GMT -5:00]
.
AV: Symantec Endpoint Protection.cloud *Enabled/Updated* {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}
SP: Symantec Endpoint Protection.cloud *Enabled/Updated* {631E4324-D31C-783F-EC5C-35AD42B18466}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Symantec Endpoint Protection.cloud *Disabled* {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\system32\atieclxx.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
C:\Program Files\Microsoft Office 15\ClientX86\OfficeClickToRun.exe
C:\Program Files\BlueBoxUSA\BlueBox\DitSSH\bin\cygrunsrv.exe
C:\Windows\system32\conhost.exe
C:\Program Files\BlueBoxUSA\BlueBox\DitSSH\bin\bash.exe
C:\Program Files\BlueBoxUSA\BlueBox\UVNC\winvnc.exe
C:\Program Files\FMAuditOnsite\fmaonsite.exe
C:\Program Files\BlueBoxUSA\BlueBox\DitSSH\bin\sshd.exe
C:\Program Files\Intel\iCLS Client\HeciServer.exe
C:\Program Files\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
C:\Program Files\Symantec.cloud\EndpointProtectionAgent\Engine\21.5.0.19\NIS.exe
C:\Windows\system32\SAsrv.exe
C:\Program Files\Symantec.cloud\PlatformAgent\ccSvcHst.exe
C:\Program Files\Western Digital\WD Drive Manager\WDDriveService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\BlueBoxUSA\BlueBox\DITSysAudit\DITSysAudit.exe
C:\Program Files\BlueBoxUSA\BlueBox\UVNC\winvnc.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Symantec.cloud\AntiVirus\AVAgent.exe
C:\Program Files\Western Digital\WD SmartWare\WDBackupEngine.exe
C:\Windows\system32\SearchIndexer.exe
c:\program files\symantec.cloud\antivirus\ssDVAgent.exe
C:\Windows\System32\WUDFHost.exe
C:\Program Files\Symantec.cloud\EndpointProtectionAgent\Engine\21.5.0.19\NIS.exe
C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent.exe
c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\Program Files\Western Digital\WD Security\WDDriveAutoUnlock.exe
C:\Program Files\Logitech\LWS\Webcam Software\CameraHelperShell.exe
C:\Program Files\Western Digital\WD Quick View\WDDMStatus.exe
C:\Program Files\Symantec.cloud\PlatformAgent\PAUI.exe
C:\Program Files\Conexant\SAII\SmartAudio.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Program Files\Symantec.cloud\EndpointProtectionAgent\Engine\21.5.0.19\NIS.exe
C:\Windows\system32\taskeng.exe
c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Users\PFerrari\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uSearch Bar = Preserve
BHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - c:\program files\symantec.cloud\endpointprotectionagent\engine\21.5.0.19\CoIEPlg.dll
BHO: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - c:\program files\symantec.cloud\endpointprotectionagent\engine\21.5.0.19\ips\IPSBHO.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Skype Click to Call for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - c:\program files\microsoft office 15\root\office15\urlredir.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - c:\program files\symantec.cloud\endpointprotectionagent\engine\21.5.0.19\CoIEPlg.dll
uRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil32_15_0_0_246_ActiveX.exe -update activex
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [cAudioFilterAgent] c:\program files\conexant\caudiofilteragent\cAudioFilterAgent.exe
mRun: [SmartAudio] c:\program files\conexant\saii\SAIICpl.exe /t
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [LWS] c:\program files\logitech\lws\webcam software\LWS.exe -hide
mRun: [LogMeIn GUI] "c:\program files\logmein\x86\LogMeInSystray.exe"
mRun: [WD Drive Unlocker] c:\program files\western digital\wd security\WDDriveAutoUnlock.exe
mRun: [WD Quick View] c:\program files\western digital\wd quick view\WDDMStatus.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [SymantecPaui] "c:\program files\symantec.cloud\platformagent\PAUI.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRunOnce: [Malwarebytes Anti-Malware (cleanup)] "c:\programdata\malwarebytes\malwarebytes anti-malware\mbamdor.exe" "c:\programdata\malwarebytes\Malwarebytes Anti-Malware"
StartupFolder: c:\users\pferrari\appdata\roaming\micros~1\windows\startm~1\programs\startup\dropbox.lnk - c:\users\pferrari\appdata\roaming\dropbox\bin\Dropbox.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
mPolicies-System: SoftwareSASGeneration = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office 15\root\office15\onbttnie.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office 15\root\office15\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
TCP: NameServer = 192.168.254.10
TCP: Interfaces\{01E45687-52AB-4A7D-A5F9-020E97769BF4} : DHCPNameServer = 172.20.10.1
TCP: Interfaces\{E004EF0B-30FC-461E-A16D-CC83E954C848} : DHCPNameServer = 192.168.254.10
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - c:\program files\microsoft office 15\root\office15\MSOSB.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\39.0.2171.95\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
============= SERVICES / DRIVERS ===============
.
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\nis\1505000.013\SymDS.sys [2014-10-6 367704]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\nis\1505000.013\SymEFA.sys [2014-10-6 936152]
R1 BHDrvx86;BHDrvx86;c:\program files\symantec.cloud\endpointprotectionagent\nortondata\21.5.0.19\definitions\bashdefs\20141209.001\BHDrvx86.sys [2014-12-10 1138392]
R1 ccSet_Cloud;CC Standalone Settings Manager;c:\windows\system32\drivers\symantec.cloud\ccSetx86.sys [2013-8-9 132768]
R1 ccSet_NIS;NIS Settings Manager;c:\windows\system32\drivers\nis\1505000.013\ccSetx86.sys [2014-10-6 127064]
R1 IDSVix86;IDSVix86;c:\program files\symantec.cloud\endpointprotectionagent\nortondata\21.5.0.19\definitions\ipsdefs\20150108.002\IDSvix86.sys [2015-1-8 503000]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\nis\1505000.013\Ironx86.sys [2014-10-6 206936]
R1 SymNetS;Symantec Network Security WFP Driver;c:\windows\system32\drivers\nis\1505000.013\symnets.sys [2014-10-6 447704]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2013-11-5 176128]
R2 c2cautoupdatesvc;Skype Click to Call Updater;c:\program files\skype\toolbars\autoupdate\SkypeC2CAutoUpdateSvc.exe [2014-7-14 1390176]
R2 c2cpnrsvc;Skype Click to Call PNR Service;c:\program files\skype\toolbars\pnrsvc\SkypeC2CPNRSvc.exe [2014-7-14 1767520]
R2 ClickToRunSvc;Microsoft Office ClickToRun Service;c:\program files\microsoft office 15\clientx86\officeclicktorun.exe [2014-3-21 1679536]
R2 DITsshd;DITsshd;c:\program files\blueboxusa\bluebox\ditssh\bin\cygrunsrv.exe [2013-12-10 68096]
R2 DITSysAudit;DITSysAudit;c:\program files\blueboxusa\bluebox\ditsysaudit\ditsysaudit.exe -s  --> c:\program files\blueboxusa\bluebox\ditsysaudit\DITSysAudit.exe -s  [?]
R2 ditvnc;ditvnc;c:\program files\blueboxusa\bluebox\uvnc\winvnc.exe [2013-12-10 2016504]
R2 FMAuditOnsite;FMAudit Onsite;c:\program files\fmauditonsite\fmaonsite.exe [2014-11-13 65024]
R2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;c:\program files\intel\icls client\HeciServer.exe [2012-12-10 583680]
R2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;c:\program files\intel\intel® management engine components\dal\Jhi_service.exe [2013-11-5 165336]
R2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\logmein\x86\LMIGuardianSvc.exe [2013-10-24 375144]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\logmein\x86\rainfo.sys [2013-4-30 13624]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2013-12-11 47640]
R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes anti-malware\mbamscheduler.exe [2014-8-1 1871160]
R2 MBAMService;MBAMService;c:\program files\malwarebytes anti-malware\mbamservice.exe [2014-8-1 969016]
R2 NIS;Endpoint Protection.cloud;c:\program files\symantec.cloud\endpointprotectionagent\engine\21.5.0.19\NIS.exe [2014-10-6 276376]
R2 SAService;Conexant SmartAudio service;c:\windows\system32\SASrv.exe [2013-11-5 446592]
R2 SsPaAdm;Symantec.cloud Cloud Agent;c:\program files\symantec.cloud\platformagent\ccSvcHst.exe [2013-8-9 138272]
R2 ssSpnAv;Symantec.cloud Endpoint Protection;c:\program files\symantec.cloud\antivirus\AVAgent.exe [2014-11-14 418720]
R2 UNS;Intel® Management and Security Application User Notification Service;c:\program files\intel\intel® management engine components\uns\UNS.exe [2013-11-5 366040]
R2 WDBackup;WD Backup;c:\program files\western digital\wd smartware\WDBackupEngine.exe [2014-2-28 1042808]
R2 WDDriveService;WD Drive Manager;c:\program files\western digital\wd drive manager\WDDriveService.exe [2014-2-28 271728]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW73.sys [2013-11-5 86032]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2014-12-30 111408]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2014-8-1 23256]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys [2014-8-1 114904]
R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys [2014-8-1 51928]
R3 MEI;Intel® Management Engine Interface ;c:\windows\system32\drivers\HECI.sys [2013-11-5 55104]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2013-11-5 394856]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2013-7-10 11520]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2013-10-23 172192]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-20 62464]
S3 fssfltr;fssfltr;c:\windows\system32\drivers\fssfltr.sys [2013-11-5 49664]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2014-1-10 1512640]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\ieetwcollector.exe [2014-12-9 102912]
S3 Intel® Capability Licensing Service TCP IP Interface;Intel® Capability Licensing Service TCP IP Interface;c:\program files\intel\icls client\SocketHeciServer.exe [2012-12-10 627744]
S3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\drivers\netaapl.sys [2013-7-25 18944]
S3 netvsc;netvsc;c:\windows\system32\drivers\netvsc60.sys [2010-11-20 126464]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2013-12-24 14848]
S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
S3 SynthVid;SynthVid;c:\windows\system32\drivers\VMBusVideoM.sys [2010-11-20 19456]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2014-2-26 49152]
S3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2013-12-24 27136]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2013-12-13 1343400]
S4 DSClientService;docSTAR Client Service;c:\docstar\dsclientservice.exe [2013-12-13 11264]
.
=============== Created Last 30 ================
.
2015-01-09 20:56:36 52440 ----a-w- c:\windows\system32\drivers\hthx.sys
2014-12-18 12:09:47 115712 ----a-w- c:\windows\system32\ieUnatt.exe
.
==================== Find3M  ====================
.
2015-01-12 17:47:19 114904 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-12-10 02:15:05 71344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-12-10 02:15:05 701104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-11-22 02:20:44 2724864 ----a-w- c:\windows\system32\mshtml.tlb
2014-11-22 02:20:30 4096 ----a-w- c:\windows\system32\ieetwcollectorres.dll
2014-11-22 02:07:43 501248 ----a-w- c:\windows\system32\vbscript.dll
2014-11-22 02:07:17 62464 ----a-w- c:\windows\system32\iesetup.dll
2014-11-22 02:06:32 47616 ----a-w- c:\windows\system32\ieetwproxystub.dll
2014-11-22 02:05:02 64000 ----a-w- c:\windows\system32\MshtmlDac.dll
2014-11-22 01:55:14 102912 ----a-w- c:\windows\system32\ieetwcollector.exe
2014-11-22 01:54:30 620032 ----a-w- c:\windows\system32\jscript9diag.dll
2014-11-22 01:48:26 667648 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2014-11-22 01:40:04 60416 ----a-w- c:\windows\system32\JavaScriptCollectionAgent.dll
2014-11-22 01:29:26 4299264 ----a-w- c:\windows\system32\jscript9.dll
2014-11-22 01:22:49 2052096 ----a-w- c:\windows\system32\inetcpl.cpl
2014-11-22 01:21:57 1155072 ----a-w- c:\windows\system32\mshtmlmedia.dll
2014-11-22 01:00:20 1888256 ----a-w- c:\windows\system32\wininet.dll
2014-11-21 11:14:20 51928 ----a-w- c:\windows\system32\drivers\mwac.sys
2014-11-21 11:14:10 75480 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-11-21 11:14:06 23256 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-11-11 02:44:45 1230336 ----a-w- c:\windows\system32\WindowsCodecs.dll
2014-11-11 02:44:32 186880 ----a-w- c:\windows\system32\pku2u.dll
2014-11-11 02:44:25 550912 ----a-w- c:\windows\system32\kerberos.dll
2014-11-11 01:32:14 74752 ----a-w- c:\windows\system32\drivers\tdx.sys
2014-11-08 02:45:09 2048 ----a-w- c:\windows\system32\tzres.dll
2014-11-06 20:54:53 96680 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2014-11-03 14:15:45 86912 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
2014-11-03 14:15:44 85864 ----a-w- c:\windows\system32\LMIinit.dll
2014-11-03 14:15:44 53096 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\LMIproc.dll
2014-11-03 14:15:44 31592 ----a-w- c:\windows\system32\LMIport.dll
2014-10-30 01:45:43 155136 ----a-w- c:\windows\system32\charmap.exe
2014-10-25 01:32:37 67584 ----a-w- c:\windows\system32\packager.dll
2014-10-23 14:15:40 86912 ----a-w- c:\windows\system32\LMIRfsClientNP.dll.000.bak
2014-10-18 01:33:18 571904 ----a-w- c:\windows\system32\oleaut32.dll
2014-10-18 01:33:13 3209728 ----a-w- c:\windows\system32\mf.dll
2014-07-09 14:56:59 87040 ----a-w- c:\program files\DualSnap.exe
2014-07-09 14:56:59 80896 ----a-w- c:\program files\DualWallpaper.exe
2014-07-09 14:56:59 69632 ----a-w- c:\program files\DisMon.exe
2014-07-09 14:56:59 189440 ----a-w- c:\program files\DualLauncher.exe
2014-07-09 14:56:59 166912 ----a-w- c:\program files\SwapScreen.exe
.
============= FINISH: 13:54:27.30 ===============
 


#2 ken545

ken545

  • Malware Response Team
  • 1,685 posts

Posted 13 January 2015 - 02:02 PM

:welcome:

 

Let's run a more updated scanner to show us what's going on.

Please download aswMBR to your desktop.
 
  • Double click the aswMBR icon to run it.
  • Click the Scan button to start scan.
  • If you are asked to update the Avast Virus database please allow it to do so.
  • When it finishes, press the save log button, save the logfile to your desktop and post its contents in your next reply.

I just want to see the report. Please Do Not Fix Anything

============================================================================

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

How to determine whether a computer is running a 32-bit version or 64-bit version of the Windows operating system
A simple way to check your system: Start --> Computer (right click) --> Properties

  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • Please make sure All Users is checked
  • Just keep the defaults as in the picture checkmarked
  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please copy and paste log back here.
  • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.

Consumer Security 2007-2008-2009-2010-2011-2012-2013-2014

Please consider a donation to help me keep up my fight against malware.

Just a reminder that threads will be closed if no response in 3 days


    #3 pferrari

    pferrari
    • Topic Starter

    • Members
    • 8 posts

    Posted 14 January 2015 - 01:01 PM

    Hello,

    Here is the log from aswMBR. Every time I try to download the Farbar Recovery Scan Tool, my computer detects suspicious behavior and deletes it.

     

    aswMBR version 1.0.1.2252 Copyright© 2014 AVAST Software
    Run date: 2015-01-14 12:27:22
    -----------------------------
    12:27:22.035    OS Version: Windows 6.1.7601 Service Pack 1
    12:27:22.035    Number of processors: 4 586 0x3A09
    12:27:22.037    ComputerName: PFERRARI-W7  UserName: pFerrari
    12:27:42.058    Initialize success
    12:27:42.376    VM: initialized successfully
    12:27:42.377    VM: Intel CPU supported 
    12:28:04.459    VM: supported disk I/O ataport.SYS
    12:29:18.983    AVAST engine defs: 15011400
    12:29:31.631    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
    12:29:31.633    Disk 0 Vendor: WDC_WD2500AAKX-75U6AA0 19.01H19 Size: 238475MB BusType: 11
    12:29:31.718    VM: Disk 0 MBR read successfully
    12:29:31.720    Disk 0 MBR scan
    12:29:31.723    Disk 0 Windows VISTA default MBR code
    12:29:31.726    Disk 0 Partition 1 00     DE Dell Utility DELL 4.1       39 MB offset 63
    12:29:31.738    Disk 0 Partition 2 80 (A) 07    HPFS/NTFS NTFS          750 MB offset 81920
    12:29:31.741    Disk 0 Boot: NTFS     code=1
    12:29:31.757    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS       237684 MB offset 1617920
    12:29:31.763    Disk 0 scanning sectors +488394752
    12:29:31.883    Disk 0 scanning C:\Windows\system32\drivers
    12:29:41.977    Service scanning
    12:29:44.672    Service BHDrvx86 C:\Program Files\Symantec.cloud\EndpointProtectionAgent\NortonData\21.5.0.19\Definitions\BASHDefs\20141209.001\BHDrvx86.sys **LOCKED** 5
    12:29:45.620    Service ccSet_NIS C:\Windows\system32\drivers\NIS\1505000.013\ccSetx86.sys **LOCKED** 5
    12:29:51.087    Service IDSVix86 C:\Program Files\Symantec.cloud\EndpointProtectionAgent\NortonData\21.5.0.19\Definitions\IPSDefs\20150108.002\IDSvix86.sys **LOCKED** 5
    12:29:56.427    Service NAVENG C:\Program Files\Symantec.cloud\EndpointProtectionAgent\NortonData\21.5.0.19\Definitions\VirusDefs\20150113.040\NAVENG.SYS **LOCKED** 5
    12:29:56.569    Service NAVEX15 C:\Program Files\Symantec.cloud\EndpointProtectionAgent\NortonData\21.5.0.19\Definitions\VirusDefs\20150113.040\NAVEX15.SYS **LOCKED** 5
    12:30:00.900    Service SRTSPX C:\Windows\system32\drivers\NIS\1505000.013\SRTSPX.SYS **LOCKED** 5
    12:30:01.526    Service SymDS C:\Windows\system32\drivers\NIS\1505000.013\SYMDS.SYS **LOCKED** 5
    12:30:01.630    Service SymEvent C:\Windows\system32\Drivers\SYMEVENT.SYS **LOCKED** 5
    12:30:01.661    Service SymIRON C:\Windows\system32\drivers\NIS\1505000.013\Ironx86.SYS **LOCKED** 5
    12:30:01.706    Service SymNetS C:\Windows\System32\Drivers\NIS\1505000.013\SYMNETS.SYS **LOCKED** 5
    12:30:06.148    Modules scanning
    12:30:06.153    Disk 0 trace - called modules:
    12:30:06.173    ntkrnlpa.exe CLASSPNP.SYS disk.sys ataport.SYS halmacpi.dll PCIIDEX.SYS msahci.sys 
    12:30:06.177    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x867c0358]
    12:30:06.180    3 CLASSPNP.SYS[8cbae59e] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x862b5908]
    12:30:07.386    AVAST engine scan C:\Windows
    12:30:09.732    AVAST engine scan C:\Windows\system32
    12:33:06.958    AVAST engine scan C:\Windows\system32\drivers
    12:33:20.424    AVAST engine scan C:\Users\PFerrari
    12:47:44.098    Disk 0 MBR has been saved successfully to "C:\Users\PFerrari\Desktop\MBR.dat"
    12:47:44.105    The log file has been saved successfully to "C:\Users\PFerrari\Desktop\aswMBR.txt"


    #4 ken545

    ken545

    • Malware Response Team
    • 1,685 posts

    Posted 14 January 2015 - 01:18 PM

    Hi,

     

    You have Symantec.cloud\EndpointProtection; you need to disable it. A lot of antivirus programs detect some of our tools as bad, but they're not.

    You can most likely right-click on it in the system tray and disable it.

     

    http://www.bleepingcomputer.com/forums/t/114351/how-to-temporarily-disable-your-anti-virus-firewall-and-anti-malware-programs/




    #5 pferrari

    pferrari
    • Topic Starter

    • Members
    • 8 posts

    Posted 19 January 2015 - 10:17 AM

    Thank you! That worked. Here are the logs from Farbar:

     

    frst.txt:

    Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 19-01-2015
    Ran by pFerrari (administrator) on PFERRARI-W7 on 19-01-2015 10:04:58
    Running from C:\Users\PFerrari\Downloads
    Loaded Profiles: pFerrari (Available profiles: pFerrari & Administrator & Directit)
    Platform: Microsoft Windows 7 Professional  Service Pack 1 (X86) OS Language: English (United States)
    Internet Explorer Version 11 (Default browser: Chrome)
    Boot Mode: Normal
     
    ==================== Processes (Whitelisted) =================
     
    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
     
    (AMD) C:\Windows\System32\atiesrxx.exe
    (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
    (Microsoft Corporation) C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
    (Microsoft Corporation) C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX86\officeclicktorun.exe
    () C:\Program Files\BlueBoxUSA\BlueBox\DitSSH\bin\cygrunsrv.exe
    (UltraVNC) C:\Program Files\BlueBoxUSA\BlueBox\UVNC\winvnc.exe
    (ECi FMAudit) C:\Program Files\FMAuditOnsite\fmaonsite.exe
    () C:\Program Files\BlueBoxUSA\BlueBox\DitSSH\bin\bash.exe
    () C:\Program Files\BlueBoxUSA\BlueBox\DitSSH\bin\sshd.exe
    (Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
    (Intel Corporation) C:\Program Files\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
    (LogMeIn, Inc.) C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
    (LogMeIn, Inc.) C:\Program Files\LogMeIn\x86\ramaint.exe
    (Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
    (Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
    (Symantec Corporation) C:\Program Files\Symantec.cloud\EndpointProtectionAgent\Engine\21.5.0.19\NIS.exe
    (Conexant Systems, Inc.) C:\Windows\System32\SASrv.exe
    (Symantec Corporation) C:\Program Files\Symantec.cloud\PlatformAgent\ccSvcHst.exe
    (Western Digital Technologies, Inc.) C:\Program Files\Western Digital\WD Drive Manager\WDDriveService.exe
    (Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
    (UltraVNC) C:\Program Files\BlueBoxUSA\BlueBox\UVNC\winvnc.exe
    (Direct IT Corp) C:\Program Files\BlueBoxUSA\BlueBox\DITSysAudit\DITSysAudit.exe
    (LogMeIn, Inc.) C:\Program Files\LogMeIn\x86\LogMeIn.exe
    (Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
    (Symantec Corporation) C:\Program Files\Symantec.cloud\AntiVirus\AVAgent.exe
    (Western Digital Technologies, Inc.) C:\Program Files\Western Digital\WD SmartWare\WDBackupEngine.exe
    (Symantec Corporation) C:\Program Files\Symantec.cloud\AntiVirus\ssDVAgent.exe
    (AMD) C:\Windows\System32\atieclxx.exe
    (Symantec Corporation) C:\Program Files\Symantec.cloud\EndpointProtectionAgent\Engine\21.5.0.19\NIS.exe
    (Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
    (Symantec Corporation) C:\Program Files\Symantec.cloud\EndpointProtectionAgent\Engine\21.5.0.19\NIS.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
    (Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent.exe
    (Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    (Conexant Systems, Inc) C:\Program Files\CONEXANT\SAII\SmartAudio.exe
    (Logitech Inc.) C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe
    (LogMeIn, Inc.) C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
    (ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    () C:\Program Files\Logitech\LWS\Webcam Software\CameraHelperShell.exe
    (Western Digital Technologies, Inc.) C:\Program Files\Western Digital\WD Security\WDDriveAutoUnlock.exe
    (Western Digital Technologies, Inc.) C:\Program Files\Western Digital\WD Quick View\WDDMStatus.exe
    (Symantec Corporation) C:\Program Files\Symantec.cloud\PlatformAgent\PAUI.exe
    (Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
    (Dropbox, Inc.) C:\Users\PFerrari\AppData\Roaming\Dropbox\bin\Dropbox.exe
    (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\msosync.exe
    (Intel Corporation) C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe
    (Intel Corporation) C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe
    (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
    (Google) C:\Users\PFerrari\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
    (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
     
     
    ==================== Registry (Whitelisted) ==================
     
    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
     
    HKLM\...\Run: [StartCCC] => c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [343168 2011-12-07] (Advanced Micro Devices, Inc.)
    HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent.exe [520320 2011-12-15] (Conexant Systems, Inc.)
    HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SAIICpl.exe [310912 2011-06-24] (Conexant Systems, Inc.)
    HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2014-10-11] (Apple Inc.)
    HKLM\...\Run: [LWS] => C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe [204136 2012-09-13] (Logitech Inc.)
    HKLM\...\Run: [LogMeIn GUI] => C:\Program Files\LogMeIn\x86\LogMeInSystray.exe [63048 2013-04-30] (LogMeIn, Inc.)
    HKLM\...\Run: [WD Drive Unlocker] => C:\Program Files\Western Digital\WD Security\WDDriveAutoUnlock.exe [1694080 2013-07-10] (Western Digital Technologies, Inc.)
    HKLM\...\Run: [WD Quick View] => C:\Program Files\Western Digital\WD Quick View\WDDMStatus.exe [5545328 2014-02-28] (Western Digital Technologies, Inc.)
    HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
    HKLM\...\Run: [SymantecPaui] => C:\Program Files\Symantec.cloud\PlatformAgent\PAUI.exe [2776480 2014-07-16] (Symantec Corporation)
    HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle Corporation)
    Startup: C:\Users\PFerrari\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
    ShortcutTarget: Dropbox.lnk -> C:\Users\PFerrari\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
     
    ==================== Internet (Whitelisted) ====================
     
    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
     
    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    HKU\S-1-5-21-1522985023-1944121316-2484613009-1163\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://dell13.msn.com/?pc=DCJB
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://dell13.msn.com/?pc=DCJB
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
    HKU\S-1-5-21-1522985023-1944121316-2484613009-1163\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
    SearchScopes: HKU\S-1-5-21-1522985023-1944121316-2484613009-1163 -> {938931C2-EBF8-4CF1-9BD3-6CA597AF16F8} URL = 
    BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files\Symantec.cloud\EndpointProtectionAgent\Engine\21.5.0.19\coIEPlg.dll (Symantec Corporation)
    BHO: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files\Symantec.cloud\EndpointProtectionAgent\Engine\21.5.0.19\IPS\IPSBHO.DLL (Symantec Corporation)
    BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
    BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
    BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
    BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation)
    BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Symantec.cloud\EndpointProtectionAgent\Engine\21.5.0.19\coIEPlg.dll (Symantec Corporation)
    Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
    Winsock: Catalog5 09 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
    Tcpip\Parameters: [DhcpNameServer] 192.168.254.10
     
    FireFox:
    ========
    FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
    FF Plugin: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.66 -> C:\Program Files\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
    FF Plugin: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
    FF Plugin: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
    FF Plugin: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF Plugin: @microsoft.com/GENUINE -> disabled No File
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.31211.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
    FF Plugin: @microsoft.com/WLPG,version=16.4.3522.0110 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF Plugin HKU\S-1-5-21-1522985023-1944121316-2484613009-1163: @citrixonline.com/appdetectorplugin -> C:\Users\PFerrari\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
    FF Plugin HKU\S-1-5-21-1522985023-1944121316-2484613009-1163: @talk.google.com/GoogleTalkPlugin -> C:\Users\PFerrari\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
    FF Plugin HKU\S-1-5-21-1522985023-1944121316-2484613009-1163: @talk.google.com/O1DPlugin -> C:\Users\PFerrari\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
    FF Plugin HKU\S-1-5-21-1522985023-1944121316-2484613009-1163: @tools.google.com/Google Update;version=3 -> C:\Users\PFerrari\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin HKU\S-1-5-21-1522985023-1944121316-2484613009-1163: @tools.google.com/Google Update;version=9 -> C:\Users\PFerrari\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Users\PFerrari\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)
    FF Plugin ProgramFiles/Appdata: C:\Users\PFerrari\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)
    FF HKLM\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.5.0.19\coFFPlgn
    FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.5.0.19\coFFPlgn [2015-01-19]
     
    Chrome: 
    =======
    CHR Profile: C:\Users\PFerrari\AppData\Local\Google\Chrome\User Data\Default
    CHR Extension: (Google Docs) - C:\Users\PFerrari\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-12-11]
    CHR Extension: (Google Drive) - C:\Users\PFerrari\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-12-11]
    CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\PFerrari\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-23]
    CHR Extension: (YouTube) - C:\Users\PFerrari\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-12-11]
    CHR Extension: (Google Search) - C:\Users\PFerrari\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-12-11]
    CHR Extension: (Norton Identity Safe) - C:\Users\PFerrari\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif [2014-10-07]
    CHR Extension: (Skype Click to Call) - C:\Users\PFerrari\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2013-12-24]
    CHR Extension: (Norton Security Toolbar) - C:\Users\PFerrari\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk [2014-03-17]
    CHR Extension: (Hangouts) - C:\Users\PFerrari\AppData\Local\Google\Chrome\User Data\Default\Extensions\nckgahadagoaajjgafhacjanaoiihapd [2013-12-19]
    CHR Extension: (Google Wallet) - C:\Users\PFerrari\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-12-11]
    CHR Extension: (Gmail) - C:\Users\PFerrari\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-12-11]
    CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - No Path
    CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-14]
    CHR HKLM\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files\Symantec.cloud\EndpointProtectionAgent\Engine\21.5.0.19\Exts\Chrome.crx [2014-10-06]
     
    ========================== Services (Whitelisted) =================
     
    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
     
    R2 c2cautoupdatesvc; C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
    R2 c2cpnrsvc; C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
    R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX86\OfficeClickToRun.exe [1679536 2014-11-11] (Microsoft Corporation)
    R2 DITsshd; C:\Program Files\BlueBoxUSA\BlueBox\DitSSH\bin\cygrunsrv.exe [68096 2013-05-24] () [File not signed]
    R2 DITSysAudit; C:\Program Files\BlueBoxUSA\BlueBox\DITSysAudit\DITSysAudit.exe [671744 2013-05-24] (Direct IT Corp) [File not signed]
    R2 ditvnc; C:\Program Files\BlueBoxUSA\BlueBox\UVNC\winvnc.exe [2016504 2013-05-24] (UltraVNC)
    S4 DSClientService; C:\DOCSTAR\DSClientService.exe [11264 2009-09-03] () [File not signed]
    R2 FMAuditOnsite; C:\Program Files\FMAuditOnsite\fmaonsite.exe [65024 2014-11-13] (ECi FMAudit) [File not signed]
    R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [583680 2012-12-10] (Intel® Corporation) [File not signed]
    S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [627744 2012-12-10] (Intel® Corporation)
    R2 jhi_service; C:\Program Files\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [165336 2013-01-14] (Intel Corporation)
    R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
    R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
    R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [45568 2013-05-16] (Hewlett-Packard) [File not signed]
    R2 NIS; C:\Program Files\Symantec.cloud\EndpointProtectionAgent\Engine\21.5.0.19\NIS.exe [276376 2014-08-22] (Symantec Corporation)
    R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [55808 2013-05-16] (Hewlett-Packard) [File not signed]
    R2 SAService; C:\Windows\system32\SAsrv.exe [446592 2010-11-19] (Conexant Systems, Inc.)
    R2 SsPaAdm; C:\Program Files\Symantec.cloud\PlatformAgent\ccSvcHst.exe [138272 2013-08-09] (Symantec Corporation)
    R2 ssSpnAv; C:\Program Files\Symantec.cloud\AntiVirus\AVAgent.exe [418720 2014-10-14] (Symantec Corporation)
    R2 WDBackup; C:\Program Files\Western Digital\WD SmartWare\WDBackupEngine.exe [1042808 2014-02-28] (Western Digital Technologies, Inc.)
    R2 WDDriveService; C:\Program Files\Western Digital\WD Drive Manager\WDDriveService.exe [271728 2014-02-28] (Western Digital Technologies, Inc.)
    S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-11-05] (Microsoft Corporation)
     
    ==================== Drivers (Whitelisted) ====================
     
    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
     
    R1 BHDrvx86; C:\Program Files\Symantec.cloud\EndpointProtectionAgent\NortonData\21.5.0.19\Definitions\BASHDefs\20150106.001\BHDrvx86.sys [1164504 2015-01-06] (Symantec Corporation)
    R1 ccSet_Cloud; C:\Windows\system32\Drivers\Symantec.cloud\ccSetx86.sys [132768 2013-08-09] (Symantec Corporation)
    R1 ccSet_NIS; C:\Windows\system32\drivers\NIS\1505000.013\ccSetx86.sys [127064 2014-02-20] (Symantec Corporation)
    R1 eeCtrl; C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [378672 2014-12-11] (Symantec Corporation)
    R3 EraserUtilRebootDrv; C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [111408 2014-12-11] (Symantec Corporation)
    R1 IDSVix86; C:\Program Files\Symantec.cloud\EndpointProtectionAgent\NortonData\21.5.0.19\Definitions\IPSDefs\20150116.001\IDSvix86.sys [503000 2015-01-08] (Symantec Corporation)
    R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2014-11-21] (Malwarebytes Corporation)
    R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [114904 2015-01-19] (Malwarebytes Corporation)
    R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2014-11-21] (Malwarebytes Corporation)
    R3 MEI; C:\Windows\System32\DRIVERS\HECI.sys [55104 2012-07-13] (Intel Corporation)
    R3 NAVENG; C:\Program Files\Symantec.cloud\EndpointProtectionAgent\NortonData\21.5.0.19\Definitions\VirusDefs\20150118.025\NAVENG.SYS [95704 2014-10-06] (Symantec Corporation)
    R3 NAVEX15; C:\Program Files\Symantec.cloud\EndpointProtectionAgent\NortonData\21.5.0.19\Definitions\VirusDefs\20150118.025\NAVEX15.SYS [1636696 2014-10-06] (Symantec Corporation)
    S3 netvsc; C:\Windows\System32\DRIVERS\netvsc60.sys [126464 2010-11-20] (Microsoft Corporation)
    S3 NuidFltr; C:\Windows\System32\DRIVERS\NuidFltr.sys [25712 2013-05-13] (Microsoft Corporation)
    R3 SRTSP; C:\Windows\System32\Drivers\NIS\1505000.013\SRTSP.SYS [664280 2014-07-22] (Symantec Corporation)
    R1 SRTSPX; C:\Windows\system32\drivers\NIS\1505000.013\SRTSPX.SYS [32344 2014-07-22] (Symantec Corporation)
    R0 SymDS; C:\Windows\System32\drivers\NIS\1505000.013\SYMDS.SYS [367704 2014-07-23] (Symantec Corporation)
    R0 SymEFA; C:\Windows\System32\drivers\NIS\1505000.013\SYMEFA.SYS [936152 2014-07-23] (Symantec Corporation)
    R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT.SYS [142936 2014-10-06] (Symantec Corporation)
    R1 SymIRON; C:\Windows\system32\drivers\NIS\1505000.013\Ironx86.SYS [206936 2014-07-22] (Symantec Corporation)
    R1 SymNetS; C:\Windows\System32\Drivers\NIS\1505000.013\SYMNETS.SYS [447704 2014-07-23] (Symantec Corporation)
    S3 SynthVid; C:\Windows\System32\DRIVERS\VMBusVideoM.sys [19456 2010-11-20] (Microsoft Corporation)
    R3 vpcbus; C:\Windows\System32\DRIVERS\vpchbus.sys [172416 2013-11-05] (Microsoft Corporation)
    R1 vpcnfltr; C:\Windows\System32\DRIVERS\vpcnfltr.sys [48128 2013-11-05] (Microsoft Corporation)
    R3 vpcusb; C:\Windows\System32\DRIVERS\vpcusb.sys [78336 2013-11-05] (Microsoft Corporation)
    R1 vpcvmm; C:\Windows\System32\drivers\vpcvmm.sys [296192 2013-11-05] (Microsoft Corporation)
    S3 catchme; \??\C:\Users\PFerrari\AppData\Local\Temp\catchme.sys [X]
    S4 LMIRfsClientNP; No ImagePath
     
    ==================== NetSvcs (Whitelisted) ===================
     
     
    (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
     
     
    ==================== One Month Created Files and Folders ========
     
    (If an entry is included in the fixlist, the file\folder will be moved.)
     
    2015-01-19 10:04 - 2015-01-19 10:05 - 00022286 _____ () C:\Users\PFerrari\Downloads\FRST.txt
    2015-01-19 10:04 - 2015-01-19 10:05 - 00000000 ____D () C:\FRST
    2015-01-19 10:03 - 2015-01-19 10:03 - 01118208 _____ (Farbar) C:\Users\PFerrari\Downloads\FRST.exe
    2015-01-14 14:51 - 2015-01-14 14:51 - 00015010 _____ () C:\Users\PFerrari\Downloads\benefits_billing (19).csv
    2015-01-14 14:42 - 2015-01-14 14:42 - 00016326 _____ () C:\Users\PFerrari\Downloads\combo_bill (24).csv
    2015-01-14 12:47 - 2015-01-14 12:47 - 00003357 _____ () C:\Users\PFerrari\Desktop\aswMBR.txt
    2015-01-14 12:47 - 2015-01-14 12:47 - 00000512 _____ () C:\Users\PFerrari\Desktop\MBR.dat
    2015-01-14 12:24 - 2015-01-14 12:25 - 05198336 _____ (AVAST Software) C:\Users\PFerrari\Downloads\aswMBR.exe
    2015-01-14 04:00 - 2014-12-18 21:43 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
    2015-01-14 04:00 - 2014-12-18 20:34 - 00116224 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
    2015-01-14 04:00 - 2014-12-12 00:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
    2015-01-14 04:00 - 2014-12-12 00:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
    2015-01-14 04:00 - 2014-12-11 12:47 - 00074240 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
    2015-01-14 04:00 - 2014-12-05 22:50 - 00242688 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
    2015-01-13 19:46 - 2015-01-13 19:46 - 00000691 _____ () C:\Users\PFerrari\Downloads\Export (57).csv
    2015-01-13 19:45 - 2015-01-13 19:45 - 00007869 _____ () C:\Users\PFerrari\Downloads\Export (56).csv
    2015-01-13 12:12 - 2015-01-13 12:12 - 00016283 _____ () C:\Users\PFerrari\Downloads\benefits_billing (18).csv
    2015-01-12 13:54 - 2015-01-12 13:57 - 00019752 _____ () C:\Users\PFerrari\Desktop\dds.txt
    2015-01-12 13:54 - 2015-01-12 13:57 - 00004943 _____ () C:\Users\PFerrari\Desktop\attach.txt
    2015-01-12 13:52 - 2015-01-12 13:52 - 00688992 ____R (Swearware) C:\Users\PFerrari\Downloads\dds.com
    2015-01-07 12:01 - 2015-01-07 12:01 - 08122368 _____ () C:\Users\PFerrari\Downloads\LogMeInIgnition (1).msi
    2015-01-06 13:07 - 2015-01-06 13:07 - 00051712 _____ () C:\Users\PFerrari\Downloads\One-Truck Breakeven Exercise.xls
    2015-01-05 16:12 - 2015-01-05 16:12 - 00016655 _____ () C:\Users\PFerrari\Downloads\combo_bill (23).csv
    2015-01-05 16:11 - 2015-01-05 16:11 - 00008851 _____ () C:\Users\PFerrari\Downloads\combo_bill (22).csv
    2014-12-29 13:38 - 2014-12-29 13:38 - 00014179 _____ () C:\Users\PFerrari\Downloads\Export (55).CSV
    2014-12-29 13:33 - 2014-12-29 13:33 - 00003939 _____ () C:\Users\PFerrari\Downloads\Export (54).CSV
    2014-12-29 13:32 - 2014-12-29 13:32 - 00008567 _____ () C:\Users\PFerrari\Downloads\Export (53).CSV
    2014-12-29 13:32 - 2014-12-29 13:32 - 00008567 _____ () C:\Users\PFerrari\Downloads\Export (52).CSV
    2014-12-23 14:00 - 2014-12-23 14:00 - 00035840 _____ () C:\Users\PFerrari\Downloads\Daily Receipts and Recv Report (4).xls
    2014-12-23 14:00 - 2014-12-23 14:00 - 00034816 _____ () C:\Users\PFerrari\Downloads\Form of Payment Template (2).xls
     
    ==================== One Month Modified Files and Folders =======
     
    (If an entry is included in the fixlist, the file\folder will be moved.)
     
    2015-01-19 10:03 - 2014-03-17 10:37 - 00000000 ____D () C:\ProgramData\Symantec.cloud
    2015-01-19 10:00 - 2009-07-13 23:34 - 00021312 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2015-01-19 10:00 - 2009-07-13 23:34 - 00021312 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2015-01-19 09:59 - 2013-11-05 02:15 - 01775615 _____ () C:\Windows\WindowsUpdate.log
    2015-01-19 09:55 - 2014-09-11 13:42 - 00000000 ___RD () C:\Users\PFerrari\Dropbox
    2015-01-19 09:55 - 2014-09-11 13:37 - 00000000 ____D () C:\Users\PFerrari\AppData\Roaming\Dropbox
    2015-01-19 09:55 - 2013-12-10 16:58 - 00001416 _____ () C:\Users\PFerrari\logonscript.log
    2015-01-19 09:54 - 2014-08-01 09:03 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
    2015-01-19 09:54 - 2013-12-11 13:33 - 00000882 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2015-01-19 09:53 - 2014-09-29 10:21 - 00008192 _____ () C:\Windows\system32\WDPABKP.dat
    2015-01-19 09:53 - 2014-01-27 20:15 - 00000976 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Client.lnk
    2015-01-19 09:53 - 2014-01-27 20:15 - 00000960 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Control Panel.lnk
    2015-01-19 09:53 - 2013-12-10 14:45 - 00000120 _____ () C:\Windows\system32\config\netlogon.ftl
    2015-01-19 09:53 - 2009-07-13 23:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
    2015-01-19 09:53 - 2009-07-13 23:39 - 00047393 _____ () C:\Windows\setupact.log
    2015-01-19 09:52 - 2013-12-11 20:11 - 00000000 ____D () C:\ProgramData\LogMeIn
    2015-01-19 09:52 - 2010-11-20 16:48 - 00625728 _____ () C:\Windows\PFRO.log
    2015-01-19 09:44 - 2013-12-24 09:44 - 00000000 ____D () C:\Windows\system32\MRT
    2015-01-19 09:35 - 2013-12-24 09:44 - 110348472 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
    2015-01-19 09:16 - 2013-12-11 13:33 - 00000886 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2015-01-19 09:15 - 2013-12-19 18:28 - 00000920 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1522985023-1944121316-2484613009-1163UA.job
    2015-01-19 09:15 - 2013-11-05 00:18 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
    2015-01-19 06:15 - 2013-12-19 18:28 - 00000868 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1522985023-1944121316-2484613009-1163Core.job
    2015-01-19 02:56 - 2014-05-07 15:26 - 00000000 ____D () C:\Program Files\FMAuditOnsite
    2015-01-16 12:13 - 2013-12-10 17:02 - 00000000 ____D () C:\Users\PFerrari\Documents\Outlook Files
    2015-01-15 13:43 - 2013-12-11 20:13 - 00000000 ____D () C:\Program Files\LogMeIn
    2015-01-15 13:42 - 2013-12-11 20:14 - 00086912 _____ (LogMeIn, Inc.) C:\Windows\system32\LMIRfsClientNP.dll
    2015-01-15 13:42 - 2013-12-11 20:14 - 00031592 _____ (LogMeIn, Inc.) C:\Windows\system32\LMIport.dll
    2015-01-15 13:42 - 2013-12-11 20:13 - 00085864 _____ (LogMeIn, Inc.) C:\Windows\system32\LMIinit.dll
    2015-01-14 18:18 - 2009-07-13 23:52 - 00000000 ____D () C:\Windows\system32\FxsTmp
    2015-01-14 12:53 - 2014-08-01 09:03 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
    2015-01-14 02:15 - 2013-11-05 00:18 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
    2015-01-14 02:15 - 2013-11-05 00:18 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
    2015-01-12 20:22 - 2014-06-06 16:12 - 00000000 ____D () C:\Users\PFerrari\AppData\Local\CrashDumps
    2015-01-12 14:33 - 2009-07-13 21:37 - 00000000 ____D () C:\Windows\IME
    2015-01-09 17:14 - 2010-11-20 16:01 - 00818476 _____ () C:\Windows\system32\PerfStringBackup.INI
    2014-12-23 10:07 - 2009-07-13 21:37 - 00000000 ____D () C:\Windows\Microsoft.NET
    2014-12-23 09:42 - 2013-12-10 15:36 - 00000000 ____D () C:\Program Files\Microsoft Office 15
    2014-12-23 03:21 - 2013-12-24 09:54 - 00000000 ____D () C:\Program Files\Microsoft Mouse and Keyboard Center
    2014-12-22 10:51 - 2013-12-24 09:49 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
    2014-12-20 11:49 - 2014-06-09 16:30 - 00000000 ____D () C:\Virus Removal
     
    ==================== Files in the root of some directories =======
    2014-01-11 13:41 - 2014-07-09 09:56 - 0003495 _____ () C:\Program Files\CHANGES.txt
    2013-03-06 14:33 - 2014-07-09 09:56 - 0035821 _____ () C:\Program Files\COPYING.txt
    2014-01-08 16:55 - 2014-07-09 09:56 - 0069632 _____ (GNE) C:\Program Files\DisMon.exe
    2014-01-08 16:56 - 2014-07-09 09:56 - 0189440 _____ (GNE) C:\Program Files\DualLauncher.exe
    2014-01-08 16:56 - 2014-07-09 09:56 - 0087040 _____ (GNE) C:\Program Files\DualSnap.exe
    2014-01-10 14:09 - 2014-07-09 09:56 - 0080896 _____ (GNE) C:\Program Files\DualWallpaper.exe
    2014-01-11 13:59 - 2014-07-09 09:56 - 0004397 _____ () C:\Program Files\README.txt
    2014-01-08 16:48 - 2014-07-09 09:56 - 0166912 _____ (GNE) C:\Program Files\SwapScreen.exe
    2013-03-06 14:33 - 2014-07-09 09:56 - 0000291 _____ () C:\Program Files\THANKS.txt
    2014-02-26 19:23 - 2014-02-26 19:23 - 0007605 _____ () C:\Users\PFerrari\AppData\Local\Resmon.ResmonCfg
    2014-01-21 10:41 - 2014-12-02 11:28 - 0000021 _____ () C:\ProgramData\IpAndPort.fig
    2014-01-21 10:41 - 2014-12-02 11:28 - 0000229 _____ () C:\ProgramData\RmUserCfg.ini
     
    Some content of TEMP:
    ====================
    C:\Users\PFerrari\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmptnhums.dll
     
     
    ==================== Bamital & volsnap Check =================
     
    (There is no automatic fix for files that do not pass verification.)
     
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\system32\winlogon.exe => File is digitally signed
    C:\Windows\system32\wininit.exe => File is digitally signed
    C:\Windows\system32\svchost.exe => File is digitally signed
    C:\Windows\system32\services.exe => File is digitally signed
    C:\Windows\system32\User32.dll => File is digitally signed
    C:\Windows\system32\userinit.exe => File is digitally signed
    C:\Windows\system32\rpcss.dll => File is digitally signed
    C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
     
     
    LastRegBack: 2015-01-14 18:47
     
    ==================== End Of Log ============================
    addition.txt:
     
    Additional scan result of Farbar Recovery Scan Tool (x86) Version: 19-01-2015
    Ran by pFerrari at 2015-01-19 10:05:54
    Running from C:\Users\PFerrari\Downloads
    Boot Mode: Normal
    ==========================================================
     
     
    ==================== Security Center ========================
     
    (If an entry is included in the fixlist, it will be removed.)
     
    AV: Symantec Endpoint Protection.cloud (Disabled - Up to date) {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}
    AS: Symantec Endpoint Protection.cloud (Enabled - Up to date) {631E4324-D31C-783F-EC5C-35AD42B18466}
    AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    FW: Symantec Endpoint Protection.cloud (Disabled) {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0}
     
    ==================== Installed Programs ======================
     
    (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
     
    32 Bit HP CIO Components Installer (Version: 15.1.1 - Hewlett-Packard) Hidden
    Adobe Flash Player 16 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 16.0.0.257 - Adobe Systems Incorporated)
    Adobe Reader XI (11.0.10) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
    AMD Catalyst Install Manager (HKLM\...\{ABD675FF-147C-689A-50B9-6DC57DE4044F}) (Version: 3.0.855.0 - Advanced Micro Devices, Inc.)
    Apple Application Support (HKLM\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
    Apple Mobile Device Support (HKLM\...\{235EBB33-3DA1-46DF-AADE-9955123409CB}) (Version: 8.0.5.6 - Apple Inc.)
    Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
    BlueClient 2.5 (HKLM\...\{20B590D0-66BB-464A-9B3B-2C7D1DEEA591}_is1) (Version:  - )
    Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
    CameraHelperMsi (Version: 13.51.815.0 - Logitech) Hidden
    Citrix Online Launcher (HKLM\...\{B025BA0B-64A6-46DE-9D64-32965C83CCA9}) (Version: 1.0.179 - Citrix)
    Conexant Audio Filter Agent (HKLM\...\cAudioFilterAgent) (Version: 1.7.36.0 - Conexant Systems)
    Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.50.5.51 - Conexant)
    Conexant SmartAudio (HKLM\...\SAII) (Version: 6.0.109.0 - Conexant Systems)
    D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
    Dell Client System Update (HKLM\...\{04566294-A6B6-4462-9721-031073EB3694}) (Version: 1.3.0 - Dell Inc.)
    Dell Edoc Viewer (HKLM\...\{3138EAD3-700B-4A10-B617-B3F8096EE30D}) (Version: 1.0.0 - Dell Inc)
    docSTAR 3.10 (HKLM\...\docSTAR 3.10) (Version:  - Astria Solutions Group, LLC)
    Dropbox (HKU\S-1-5-21-1522985023-1944121316-2484613009-1163\...\Dropbox) (Version: 3.0.3 - Dropbox, Inc.)
    Endpoint Protection.cloud (Version: 21.5.0.19 - Symantec Corporation) Hidden
    erLT (Version: 1.20.138.34 - Logitech, Inc.) Hidden
    FMAudit Onsite (HKLM\...\FMAudit Onsite3.0.6.63728) (Version: 3.0.6.63728 - FMAudit (ECi))
    Google Chrome (HKLM\...\Google Chrome) (Version: 39.0.2171.99 - Google Inc.)
    Google Talk Plugin (HKLM\...\{24DA8058-C0E5-351B-8B55-F6DC5A2B22EF}) (Version: 5.38.7.0 - Google)
    Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
    iBackupBot 5.1.0.3 (HKLM\...\iBackupBot) (Version: 5.1.0.3 - VOWSoft, Ltd.)
    iCloud (HKLM\...\{AC6EE263-E4DD-4150-9014-689B1D4A3315}) (Version: 4.0.5.20 - Apple Inc.)
    Intel® Management Engine Components (HKLM\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.30.1349 - Intel Corporation)
    iTunes (HKLM\...\{5D928931-D1D2-4A93-A82D-BF60D0E7CFA5}) (Version: 12.0.1.26 - Apple Inc.)
    Java 7 Update 71 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F03217071FF}) (Version: 7.0.710 - Oracle)
    join.me (HKU\S-1-5-21-1522985023-1944121316-2484613009-1163\...\JoinMe) (Version: 1.17.0.131 - LogMeIn, Inc.)
    Junk Mail filter update (Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
    Logitech Webcam Software (HKLM\...\{D40EB009-0499-459c-A8AF-C9C110766215}) (Version: 2.51 - Logitech Inc.)
    LogMeIn (HKLM\...\{53E10F4E-B361-45D7-8DBD-A6BF073236F0}) (Version: 4.1.3430 - LogMeIn, Inc.)
    Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
    Microsoft .NET Framework 1.1 (HKLM\...\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}) (Version: 1.1.4322 - Microsoft)
    Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
    Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.2.173.0 - Microsoft Corporation)
    Microsoft Office Home and Business 2013 - en-us (HKLM\...\HomeBusinessRetail - en-us) (Version: 15.0.4675.1003 - Microsoft Corporation)
    Microsoft OneDrive (HKU\S-1-5-21-1522985023-1944121316-2484613009-1163\...\OneDriveSetup.exe) (Version: 17.3.1229.0918 - Microsoft Corporation)
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.31211.0 - Microsoft Corporation)
    Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
    Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Movie Maker (Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
    Office 15 Click-to-Run Extensibility Component (Version: 15.0.4675.1003 - Microsoft Corporation) Hidden
    Office 15 Click-to-Run Licensing Component (Version: 15.0.4675.1003 - Microsoft Corporation) Hidden
    Office 15 Click-to-Run Localization Component (Version: 15.0.4675.1003 - Microsoft Corporation) Hidden
    QuickTime 7 (HKLM\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
    Realtek Ethernet Controller All-In-One Windows Driver (HKLM\...\{F7E7F0CB-AA41-4D5A-B6F2-8E6738EB063F}) (Version: 1.12.0019 - Realtek)
    Shared C Run-time for x86 (Version: 10.0.0 - McAfee) Hidden
    Skype Click to Call (HKLM\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation)
    Skype™ 6.14 (HKLM\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.14.104 - Skype Technologies S.A.)
    SuccessWare 21 (HKLM\...\{0C1F1120-A5A0-11D4-A9C5-00B0D045AC06}) (Version:  - )
    Symantec.cloud - Cloud Agent (Version: 2.03.60.2571 - Symantec Corporation) Hidden
    Symantec.cloud - Endpoint Protection (Version: 4.40.10.670 - Symantec Corporation) Hidden
    Symantec.cloud (HKLM\...\Symantec Hosted Services ARP) (Version:  - Symantec Corporation)
    WD Drive Utilities (HKLM\...\{F9784E1D-4455-4BFF-A97A-1B1355A4FFDB}) (Version: 1.0.6.3 - Western Digital Technologies, Inc.)
    WD Quick View (HKLM\...\{63911503-7EA4-4685-B2FD-D391EF622FB9}) (Version: 2.3.0.20 - Western Digital Technologies, Inc.)
    WD Security (HKLM\...\{2B58AB2C-D980-47FD-8633-E360314BA662}) (Version: 1.0.6.3 - Western Digital Technologies, Inc.)
    WD SmartWare (HKLM\...\{8DC2DD9D-7687-4108-83D6-ACE73ABF2D69}) (Version: 2.3.0.20 - Western Digital Technologies, Inc.)
    WD SmartWare Installer (HKLM\...\{1ec9e03a-452b-48fb-8e1b-27ee0477985f}) (Version: 2.3.0.20 - Western Digital Technologies, Inc.)
    Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 16.4.3522.0110 - Microsoft Corporation)
    Wondershare Dr.Fone for iOS(Build 4.6.0.29) (HKLM\...\{A26F8BBD-EC10-4bdc-8AD8-F146825A8A63}_is1) (Version: 4.6.0.29 - Wondershare Software Co.,Ltd.)
     
    ==================== Custom CLSID (selected items): ==========================
     
    (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
     
    CustomCLSID: HKU\S-1-5-21-1522985023-1944121316-2484613009-1163_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\PFerrari\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-1522985023-1944121316-2484613009-1163_Classes\CLSID\{022105BD-948A-40C9-AB42-A3300DDF097F}\localserver32 -> C:\Users\PFerrari\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-1522985023-1944121316-2484613009-1163_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\PFerrari\AppData\Local\Google\Update\1.3.25.5\psuser.dll No File
    CustomCLSID: HKU\S-1-5-21-1522985023-1944121316-2484613009-1163_Classes\CLSID\{22181302-A8A6-4F84-A541-E5CBFC70CC43}\localserver32 -> C:\Users\PFerrari\AppData\Local\Google\Update\1.3.25.11\GoogleUpdateOnDemand.exe (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-1522985023-1944121316-2484613009-1163_Classes\CLSID\{2F0E2680-9FF5-43C0-B76E-114A56E93598}\localserver32 -> C:\Users\PFerrari\AppData\Local\Google\Update\1.3.25.11\GoogleUpdateOnDemand.exe (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-1522985023-1944121316-2484613009-1163_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\PFerrari\AppData\Local\Google\Update\1.3.23.9\psuser.dll No File
    CustomCLSID: HKU\S-1-5-21-1522985023-1944121316-2484613009-1163_Classes\CLSID\{39125640-8D80-11DC-A2FE-C5C455D89593}\InprocServer32 -> C:\Users\PFerrari\AppData\Local\Google\Google Talk Plugin\googletalkax.dll (Google)
    CustomCLSID: HKU\S-1-5-21-1522985023-1944121316-2484613009-1163_Classes\CLSID\{51F9E8EF-59D7-475B-A106-C7EA6F30C119}\localserver32 -> C:\Users\PFerrari\AppData\Local\Google\Update\1.3.25.11\GoogleUpdateOnDemand.exe (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-1522985023-1944121316-2484613009-1163_Classes\CLSID\{7B37E4E2-C62F-4914-9620-8FB5062718CC}\localserver32 -> C:\Users\PFerrari\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-1522985023-1944121316-2484613009-1163_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\PFerrari\AppData\Local\Google\Update\1.3.24.15\psuser.dll No File
    CustomCLSID: HKU\S-1-5-21-1522985023-1944121316-2484613009-1163_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\PFerrari\AppData\Local\Microsoft\SkyDrive\17.3.1229.0918\SkyDriveShell.dll (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-1522985023-1944121316-2484613009-1163_Classes\CLSID\{A45426FB-E444-42B2-AA56-419F8FBEEC61}\InprocServer32 -> C:\Users\PFerrari\AppData\Local\Google\Update\1.3.22.3\psuser.dll No File
    CustomCLSID: HKU\S-1-5-21-1522985023-1944121316-2484613009-1163_Classes\CLSID\{A54D478D-4F70-4F72-9A74-17C9986E35AB}\InprocServer32 -> C:\Users\PFerrari\AppData\Local\Google\Update\1.3.21.165\psuser.dll No File
    CustomCLSID: HKU\S-1-5-21-1522985023-1944121316-2484613009-1163_Classes\CLSID\{AB807329-7324-431B-8B36-DBD581F56E0B}\localserver32 -> C:\Users\PFerrari\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-1522985023-1944121316-2484613009-1163_Classes\CLSID\{AB9F4455-E591-4132-A386-0B91EAEDB96C}\InprocServer32 -> C:\Users\PFerrari\AppData\Local\Google\Google Talk Plugin\o1dax.dll (Google)
    CustomCLSID: HKU\S-1-5-21-1522985023-1944121316-2484613009-1163_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\PFerrari\AppData\Local\Microsoft\SkyDrive\17.3.1229.0918\SkyDriveShell.dll (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-1522985023-1944121316-2484613009-1163_Classes\CLSID\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}\InprocServer32 -> C:\Users\PFerrari\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-1522985023-1944121316-2484613009-1163_Classes\CLSID\{C442AC41-9200-4770-8CC0-7CDB4F245C55}\InprocServer32 -> C:\Users\PFerrari\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-1522985023-1944121316-2484613009-1163_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\PFerrari\AppData\Local\Microsoft\SkyDrive\17.3.1229.0918\SkyDriveShell.dll (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-1522985023-1944121316-2484613009-1163_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\PFerrari\AppData\Local\Google\Update\1.3.25.11\psuser.dll (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-1522985023-1944121316-2484613009-1163_Classes\CLSID\{E67BE843-BBBE-4484-95FB-05271AE86750}\localserver32 -> C:\Users\PFerrari\AppData\Local\Google\Update\1.3.25.11\GoogleUpdateOnDemand.exe (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-1522985023-1944121316-2484613009-1163_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\PFerrari\AppData\Local\Google\Update\1.3.25.11\psuser.dll (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-1522985023-1944121316-2484613009-1163_Classes\CLSID\{EB06378B-ABB6-4B3C-9B40-D488DD8A6E93}\InprocServer32 -> C:\Users\PFerrari\AppData\Local\Google\Update\1.3.22.5\psuser.dll No File
    CustomCLSID: HKU\S-1-5-21-1522985023-1944121316-2484613009-1163_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\PFerrari\AppData\Local\Microsoft\SkyDrive\17.3.1229.0918\SkyDriveShell.dll (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-1522985023-1944121316-2484613009-1163_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\PFerrari\AppData\Local\Microsoft\SkyDrive\17.3.1229.0918\FileSyncApi.dll (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-1522985023-1944121316-2484613009-1163_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\PFerrari\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-1522985023-1944121316-2484613009-1163_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\PFerrari\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-1522985023-1944121316-2484613009-1163_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\PFerrari\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-1522985023-1944121316-2484613009-1163_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\PFerrari\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-1522985023-1944121316-2484613009-1163_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\PFerrari\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-1522985023-1944121316-2484613009-1163_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\PFerrari\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-1522985023-1944121316-2484613009-1163_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\PFerrari\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-1522985023-1944121316-2484613009-1163_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\PFerrari\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-1522985023-1944121316-2484613009-1163_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\PFerrari\AppData\Local\Google\Update\1.3.24.7\psuser.dll No File
     
    ==================== Restore Points  =========================
     
    04-01-2015 00:00:02 Scheduled Checkpoint
    12-01-2015 00:00:03 Scheduled Checkpoint
    19-01-2015 09:34:29 Windows Update
     
    ==================== Hosts content: ==========================
     
    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)
     
    2009-07-13 21:04 - 2009-06-10 16:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
     
    ==================== Scheduled Tasks (whitelisted) =============
     
    (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
     
    Task: {00805D4D-E3DC-4DD6-8CB9-BA39A90FF2A8} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2013-05-13] (Microsoft)
    Task: {07956048-C468-4FB0-BE34-8AEA88609F00} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1522985023-1944121316-2484613009-1163Core => C:\Users\PFerrari\AppData\Local\Google\Update\GoogleUpdate.exe [2013-12-19] (Google Inc.)
    Task: {09EE9ACA-D980-473F-A64F-06CB6AB2A61B} - System32\Tasks\Microsoft Office 15 Sync Maintenance for {0b6ad6a4-7903-4c60-aa4a-c94378725174} pferrari-w7.pann.local => C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [2014-11-04] (Microsoft Corporation)
    Task: {101E9988-40FA-4F80-BEE2-C8DB6201FEA6} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX86\OfficeC2RClient.exe [2014-11-04] (Microsoft Corporation)
    Task: {10780E19-1C44-46D1-86D6-4BA9D80DF852} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-12-11] (Google Inc.)
    Task: {242D471E-459B-4E80-B20C-50BD707302AB} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
    Task: {26337DB9-AAD8-4EC6-A548-6B6D018729B9} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2013-05-13] (Microsoft Corporation)
    Task: {3EAC21A3-5BDB-471E-B75C-C42F6ADD56FA} - System32\Tasks\Endpoint Protection.cloud\Norton Error Processor => C:\Program Files\Symantec.cloud\EndpointProtectionAgent\Engine\21.5.0.19\SymErr.exe [2014-01-30] (Symantec Corporation)
    Task: {6137828A-C45E-4FC2-838B-209CB2B8C9E4} - System32\Tasks\Endpoint Protection.cloud\Norton Error Analyzer => C:\Program Files\Symantec.cloud\EndpointProtectionAgent\Engine\21.5.0.19\SymErr.exe [2014-01-30] (Symantec Corporation)
    Task: {67E9F1AE-5E3A-4D06-BE22-7E4997CD748A} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1522985023-1944121316-2484613009-1163UA => C:\Users\PFerrari\AppData\Local\Google\Update\GoogleUpdate.exe [2013-12-19] (Google Inc.)
    Task: {6ACAE8CF-687B-472C-BA86-FFA466496B26} - System32\Tasks\Onsite_Watchdog => C:\Program Files\FMAuditOnsite\watchdog.bat [2014-11-13] ()
    Task: {80045939-7DD8-415E-AAD9-4643A146E236} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2013-05-13] (Microsoft Corporation)
    Task: {88D1BFC6-3D7F-4B43-9814-CDDB51CA67FF} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
    Task: {922AB765-BEC5-4CB6-9A04-DCD398A59018} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2013-05-13] (Microsoft Corporation)
    Task: {BE9BD7BA-675E-4B32-90F7-BDCC50F6A200} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-01-14] (Adobe Systems Incorporated)
    Task: {C2E4F853-CFE4-4472-89B8-383A2E31D61E} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2013-05-13] (Microsoft Corporation)
    Task: {C59BD806-B6C9-4F4C-9404-2281A5DE07DD} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
    Task: {DE6DDB11-3CD0-4BE9-AC12-EF1C287FBD39} - System32\Tasks\Norton WSC Integration => C:\Program Files\Symantec.cloud\EndpointProtectionAgent\Engine\21.5.0.19\WSCStub.exe [2014-07-31] (Symantec Corporation)
    Task: {F0939790-7F10-4E57-AACF-8D280F75A356} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-12-11] (Google Inc.)
     
    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
     
    Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1522985023-1944121316-2484613009-1163Core.job => C:\Users\PFerrari\AppData\Local\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1522985023-1944121316-2484613009-1163UA.job => C:\Users\PFerrari\AppData\Local\Google\Update\GoogleUpdate.exe
     
    ==================== Loaded Modules (whitelisted) =============
     
    2014-01-20 13:17 - 2014-01-20 13:17 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
    2014-10-11 13:05 - 2014-10-11 13:05 - 01044776 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
    2014-03-21 05:02 - 2014-05-20 02:11 - 00080040 _____ () C:\Program Files\Microsoft Office 15\ClientX86\ApiClient.dll
    2013-12-10 15:40 - 2013-05-24 10:46 - 00068096 _____ () C:\Program Files\BlueBoxUSA\BlueBox\DitSSH\bin\cygrunsrv.exe
    2009-07-13 16:03 - 2009-07-13 20:15 - 00364544 _____ () C:\Windows\system32\msjetoledb40.dll
    2014-11-13 12:21 - 2014-11-13 12:21 - 00055296 _____ () C:\Program Files\FMAuditOnsite\Web\Bin\Toshiba.Tasks.dll
    2013-12-10 15:40 - 2013-05-24 10:46 - 00536078 _____ () C:\Program Files\BlueBoxUSA\BlueBox\DitSSH\bin\bash.exe
    2013-12-10 15:40 - 2013-05-24 10:46 - 00031232 _____ () C:\Program Files\BlueBoxUSA\BlueBox\DitSSH\bin\cygintl-8.dll
    2013-12-10 15:40 - 2013-05-24 10:46 - 00044558 _____ () C:\Program Files\BlueBoxUSA\BlueBox\DitSSH\bin\cyggcc_s-1.dll
    2013-12-10 15:40 - 2013-05-24 10:46 - 00167438 _____ () C:\Program Files\BlueBoxUSA\BlueBox\DitSSH\bin\cygreadline7.dll
    2013-12-10 15:40 - 2013-05-24 10:46 - 00249870 _____ () C:\Program Files\BlueBoxUSA\BlueBox\DitSSH\bin\cygncursesw-10.dll
    2013-12-10 15:40 - 2013-05-24 10:46 - 00408590 _____ () C:\Program Files\BlueBoxUSA\BlueBox\DitSSH\bin\sshd.exe
    2013-12-10 15:40 - 2013-05-24 10:46 - 00006656 _____ () C:\Program Files\BlueBoxUSA\BlueBox\DitSSH\bin\cygcrypt-0.dll
    2013-12-10 15:40 - 2013-05-24 10:46 - 01174542 _____ () C:\Program Files\BlueBoxUSA\BlueBox\DitSSH\bin\cygcrypto-0.9.8.dll
    2013-12-10 15:40 - 2013-05-24 10:46 - 00077838 _____ () C:\Program Files\BlueBoxUSA\BlueBox\DitSSH\bin\cygz.dll
    2013-12-10 15:40 - 2013-05-24 10:46 - 00028174 _____ () C:\Program Files\BlueBoxUSA\BlueBox\DitSSH\bin\cygwrap-0.dll
    2013-12-10 15:40 - 2013-05-24 10:46 - 00008206 _____ () C:\Program Files\BlueBoxUSA\BlueBox\DitSSH\bin\cygssp-0.dll
    2014-11-10 16:28 - 2014-11-10 16:28 - 00081056 _____ () C:\Users\PFerrari\AppData\Local\Microsoft\SkyDrive\17.3.1229.0918\LoggingPlatform.DLL
    2013-11-05 00:23 - 2011-06-24 14:12 - 00965760 _____ () C:\Program Files\Conexant\SAII\SmartAudio.Desktop.dll
    2012-09-13 00:38 - 2012-09-13 00:38 - 02144104 _____ () C:\Program Files\Logitech\LWS\Webcam Software\QtCore4.dll
    2012-09-13 00:38 - 2012-09-13 00:38 - 07955304 _____ () C:\Program Files\Logitech\LWS\Webcam Software\QtGui4.dll
    2012-09-13 00:38 - 2012-09-13 00:38 - 00341352 _____ () C:\Program Files\Logitech\LWS\Webcam Software\QtXml4.dll
    2012-09-13 00:38 - 2012-09-13 00:38 - 00028008 _____ () C:\Program Files\Logitech\LWS\Webcam Software\imageformats\QGif4.dll
    2012-09-13 00:38 - 2012-09-13 00:38 - 00127336 _____ () C:\Program Files\Logitech\LWS\Webcam Software\imageformats\QJpeg4.dll
    2011-12-07 03:15 - 2011-12-07 03:15 - 00369152 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
    2011-11-30 14:37 - 2011-11-30 14:37 - 00016384 _____ () c:\Program Files\ATI Technologies\ATI.ACE\Branding\Branding.dll
    2012-09-13 00:38 - 2012-09-13 00:38 - 00264040 _____ () C:\Program Files\Logitech\LWS\Webcam Software\CameraHelperShell.exe
    2012-09-13 00:39 - 2012-09-13 00:39 - 00336232 _____ () C:\Program Files\Common Files\logishrd\LWSPlugins\LWS\Applets\CameraHelper\DevManagerCore.dll
    2014-10-21 19:22 - 2014-10-21 19:22 - 00750080 _____ () C:\Users\PFerrari\AppData\Roaming\Dropbox\bin\libGLESv2.dll
    2015-01-19 09:55 - 2015-01-19 09:55 - 00043008 _____ () c:\users\pferrari\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmptnhums.dll
    2014-10-21 19:22 - 2014-10-21 19:22 - 00047616 _____ () C:\Users\PFerrari\AppData\Roaming\Dropbox\bin\libEGL.dll
    2014-10-21 19:22 - 2014-10-21 19:22 - 00863744 _____ () C:\Users\PFerrari\AppData\Roaming\Dropbox\bin\plugins\platforms\qwindows.dll
    2014-10-21 19:22 - 2014-10-21 19:22 - 00200704 _____ () C:\Users\PFerrari\AppData\Roaming\Dropbox\bin\plugins\imageformats\qjpeg.dll
    2014-11-13 14:23 - 2014-11-13 14:23 - 00316576 _____ () C:\Program Files\Microsoft Office 15\Root\Office15\AppVIsvStream32.dll
    2013-11-05 00:22 - 2013-01-14 15:25 - 01200088 _____ () C:\Program Files\Intel\Intel® Management Engine Components\UNS\ACE.dll
    2015-01-17 00:19 - 2015-01-08 19:35 - 01077064 _____ () C:\Program Files\Google\Chrome\Application\39.0.2171.99\libglesv2.dll
    2015-01-17 00:19 - 2015-01-08 19:35 - 00211272 _____ () C:\Program Files\Google\Chrome\Application\39.0.2171.99\libegl.dll
    2015-01-17 00:19 - 2015-01-08 19:35 - 09009480 _____ () C:\Program Files\Google\Chrome\Application\39.0.2171.99\pdf.dll
    2015-01-17 00:19 - 2015-01-08 19:35 - 01677128 _____ () C:\Program Files\Google\Chrome\Application\39.0.2171.99\ffmpegsumo.dll
     
    ==================== Alternate Data Streams (whitelisted) =========
     
    (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
     
     
    ==================== Safe Mode (whitelisted) ===================
     
    (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
     
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys => ""="Driver"
     
    ==================== EXE Association (whitelisted) =============
     
    (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
     
     
    ==================== MSCONFIG/TASK MANAGER disabled items =========
     
    (Currently there is no automatic fix for this section.)
     
    MSCONFIG\Services: DSClientService => 2
    MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^docSTAR 3.10.lnk => C:\Windows\pss\docSTAR 3.10.lnk.CommonStartup
    MSCONFIG\startupfolder: C:^Users^PFerrari^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk => C:\Windows\pss\Dropbox.lnk.Startup
    MSCONFIG\startupreg: Google Update => "C:\Users\PFerrari\AppData\Local\Google\Update\GoogleUpdate.exe" /c
    MSCONFIG\startupreg: iCloudServices => C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe
    MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"
    MSCONFIG\startupreg: Skype => "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
     
    ========================= Accounts: ==========================
     
    Administrator (S-1-5-21-1524435-752145541-170011291-500 - Administrator - Disabled)
    ASPNET (S-1-5-21-1524435-752145541-170011291-1002 - Limited - Enabled)
    Directit (S-1-5-21-1524435-752145541-170011291-1000 - Administrator - Enabled) => C:\Users\Directit
    Guest (S-1-5-21-1524435-752145541-170011291-501 - Limited - Disabled)
     
    ==================== Faulty Device Manager Devices =============
     
     
    ==================== Event log errors: =========================
     
    Application errors:
    ==================
    Error: (01/19/2015 09:54:39 AM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
     
    Error: (01/17/2015 00:24:35 AM) (Source: SideBySide) (EventID: 33) (User: )
    Description: Activation context generation failed for "Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1".
    Dependent Assembly Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found.
    Please use sxstrace.exe for detailed diagnosis.
     
    Error: (01/15/2015 11:35:54 PM) (Source: SideBySide) (EventID: 33) (User: )
    Description: Activation context generation failed for "Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1".
    Dependent Assembly Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found.
    Please use sxstrace.exe for detailed diagnosis.
     
    Error: (01/14/2015 06:49:02 PM) (Source: SideBySide) (EventID: 33) (User: )
    Description: Activation context generation failed for "Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1".
    Dependent Assembly Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found.
    Please use sxstrace.exe for detailed diagnosis.
     
    Error: (01/14/2015 01:04:42 PM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
     
    Error: (01/12/2015 08:22:54 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: SuccessWare21.exe, version: 1.8.400.14, time stamp: 0x530a3c36
    Faulting module name: SuccessWare21.exe, version: 1.8.400.14, time stamp: 0x530a3c36
    Exception code: 0xc0000005
    Fault offset: 0x00004d28
    Faulting process id: 0x19c8
    Faulting application start time: 0xSuccessWare21.exe0
    Faulting application path: SuccessWare21.exe1
    Faulting module path: SuccessWare21.exe2
    Report Id: SuccessWare21.exe3
     
    Error: (01/12/2015 02:35:53 PM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
     
    Error: (01/09/2015 05:57:49 AM) (Source: DITSysAuditN) (EventID: 1) (User: NT AUTHORITY)
    Description: DITSysAudit: Unknown result from bluebox
     
    Error: (01/09/2015 01:46:50 AM) (Source: DITSysAuditN) (EventID: 1) (User: NT AUTHORITY)
    Description: DITSysAudit: Unknown result from bluebox
     
    Error: (01/07/2015 11:58:21 PM) (Source: SideBySide) (EventID: 33) (User: )
    Description: Activation context generation failed for "Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1".
    Dependent Assembly Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found.
    Please use sxstrace.exe for detailed diagnosis.
     
     
    System errors:
    =============
    Error: (01/14/2015 06:17:22 PM) (Source: UmrdpService) (EventID: 1111) (User: )
    Description: Driver EPSON XP-410 Series required for printer EPSONA80198 (XP-410 Series) is unknown. Contact the administrator to install the driver before you log in again.
     
    Error: (01/14/2015 06:17:21 PM) (Source: UmrdpService) (EventID: 1111) (User: )
    Description: Driver EPSON XP-400 Series required for printer EPSONC3603A (XP-400 Series) is unknown. Contact the administrator to install the driver before you log in again.
     
    Error: (01/14/2015 06:17:20 PM) (Source: UmrdpService) (EventID: 1111) (User: )
    Description: Driver Microsoft XPS Document Writer v4 required for printer Microsoft XPS Document Writer is unknown. Contact the administrator to install the driver before you log in again.
     
    Error: (01/14/2015 06:17:19 PM) (Source: UmrdpService) (EventID: 1111) (User: )
    Description: Driver EPSON XP-400 Series required for printer EPSON XP-400 Series is unknown. Contact the administrator to install the driver before you log in again.
     
    Error: (01/08/2015 10:23:27 AM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
    Description: The following fatal alert was generated: 70. The internal error state is 105.
     
    Error: (01/07/2015 00:06:24 PM) (Source: Service Control Manager) (EventID: 7043) (User: )
    Description: The Group Policy Client service did not shut down properly after receiving a preshutdown control.
     
    Error: (01/04/2015 11:11:26 PM) (Source: UmrdpService) (EventID: 1111) (User: )
    Description: Driver Nitro PDF Driver 8 required for printer Nitro PDF Creator (Pro 8) is unknown. Contact the administrator to install the driver before you log in again.
     
    Error: (01/04/2015 11:11:25 PM) (Source: UmrdpService) (EventID: 1111) (User: )
    Description: Driver Microsoft XPS Document Writer v4 required for printer Microsoft XPS Document Writer is unknown. Contact the administrator to install the driver before you log in again.
     
    Error: (01/04/2015 11:11:24 PM) (Source: UmrdpService) (EventID: 1111) (User: )
    Description: Driver EPSON XP-410 Series required for printer EPSONA80198 (XP-410 Series) is unknown. Contact the administrator to install the driver before you log in again.
     
    Error: (01/04/2015 11:11:23 PM) (Source: UmrdpService) (EventID: 1111) (User: )
    Description: Driver EPSON XP-400 Series required for printer EPSONC3603A (XP-400 Series) is unknown. Contact the administrator to install the driver before you log in again.
     
     
    Microsoft Office Sessions:
    =========================
    Error: (01/19/2015 09:54:39 AM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
     
    Error: (01/17/2015 00:24:35 AM) (Source: SideBySide) (EventID: 33) (User: )
    Description: Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"c:\Program Files\ATI\CIM\Bin\SetACL.exe
     
    Error: (01/15/2015 11:35:54 PM) (Source: SideBySide) (EventID: 33) (User: )
    Description: Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"c:\Program Files\ATI\CIM\Bin\SetACL.exe
     
    Error: (01/14/2015 06:49:02 PM) (Source: SideBySide) (EventID: 33) (User: )
    Description: Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"c:\Program Files\ATI\CIM\Bin\SetACL.exe
     
    Error: (01/14/2015 01:04:42 PM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
     
    Error: (01/12/2015 08:22:54 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: SuccessWare21.exe1.8.400.14530a3c36SuccessWare21.exe1.8.400.14530a3c36c000000500004d2819c801d02eb89b8c04edS:\SuccessWare21.exeS:\SuccessWare21.exeb270caed-9ac2-11e4-b4cc-c81f660fe6f7
     
    Error: (01/12/2015 02:35:53 PM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
     
    Error: (01/09/2015 05:57:49 AM) (Source: DITSysAuditN) (EventID: 1) (User: NT AUTHORITY)
    Description: DITSysAudit: Unknown result from bluebox
     
    Error: (01/09/2015 01:46:50 AM) (Source: DITSysAuditN) (EventID: 1) (User: NT AUTHORITY)
    Description: DITSysAudit: Unknown result from bluebox
     
    Error: (01/07/2015 11:58:21 PM) (Source: SideBySide) (EventID: 33) (User: )
    Description: Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"c:\Program Files\ATI\CIM\Bin\SetACL.exe
     
     
    CodeIntegrity Errors:
    ===================================
      Date: 2014-11-28 15:47:51.651
      Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.
     
      Date: 2014-11-09 22:37:50.163
      Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.
     
      Date: 2014-10-21 23:31:00.290
      Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.
     
      Date: 2014-10-21 23:22:35.401
      Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.
     
      Date: 2014-10-21 22:39:02.568
      Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.
     
      Date: 2014-10-15 01:40:34.070
      Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.
     
      Date: 2014-10-05 14:47:47.180
      Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.
     
      Date: 2014-10-05 14:28:25.155
      Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.
     
      Date: 2014-09-07 23:13:25.257
      Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.
     
      Date: 2014-09-07 22:56:04.683
      Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.
     
     
    ==================== Memory info =========================== 
     
    Processor: Intel® Core™ i3-3220 CPU @ 3.30GHz
    Percentage of memory in use: 50%
    Total physical RAM: 3570.08 MB
    Available physical RAM: 1773.43 MB
    Total Pagefile: 7138.45 MB
    Available Pagefile: 4683.86 MB
    Total Virtual: 2047.88 MB
    Available Virtual: 1897.56 MB
     
    ==================== Drives ================================
     
    Drive c: (OS) (Fixed) (Total:232.11 GB) (Free:90.99 GB) NTFS
    Drive h: (Data) (Network) (Total:1640.16 GB) (Free:992.92 GB) NTFS
    Drive p: (Data) (Network) (Total:1640.16 GB) (Free:992.92 GB) NTFS
    Drive s: (Data) (Network) (Total:1640.16 GB) (Free:992.92 GB) NTFS
     
    ==================== MBR & Partition Table ==================
     
    ========================================================
    Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 232.9 GB) (Disk ID: 80F4BE54)
    Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
    Partition 2: (Active) - (Size=750 MB) - (Type=07 NTFS)
    Partition 3: (Not Active) - (Size=232.1 GB) - (Type=07 NTFS)
     
    ==================== End Of Log ============================


    #6 ken545

    Malware Response Team

    Posted 19 January 2015 - 10:52 AM

    Hi,

     

    Your log actually doesn't look too bad.  Before we move on, FRST will run better from the desktop, so go to your downloads folder and look for FRST64, right click on it and select CUT, then come back to the desktop and right click on a blank space and select PASTE.

     

    Let's run a few programs to see if we can find and remove that pest. Run AdwCleaner first, followed by Junkware Removal Tool, and then run Malwarebytes. Here are the instructions for how to set it up and run:

    -AdwCleaner-by Xplode
     
    Click on this link to download : ADWCleaner
    Click on ONE of the Two Blue Download Now buttons That have a blue arrow beside them and save it to your desktop.
     
    Do not click on any links in the top Advertisement.
     
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Scan.
  • After the scan is complete click on "Clean"
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.
     
    ===============================================================================
     
     
    Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
     
     
    =========================================================
     
    Malwarebytes instructions
     

  • On the Dashboard click on Update Now
  • Go to the Settings tab
  • Under Settings go to Detection and Protection
  • Under PUP and PUM make sure both are set to show Treat Detections as Malware
  • Go to Advanced Settings and make sure Automatically Quarantine Detected Items is checked <------------
  • Then on the Dashboard click on Scan
  • Make sure to select THREAT SCAN
  • Then click on Scan
  • When the scan is finished click on VIEW DETAILED LOG
  • When it opens click on COPY TO CLIPBOARD
  • Then paste the log back into this thread for review
  • Exit Malwarebytes


    Just a reminder that threads will be closed if no response in 3 days


    #7 pferrari

    Topic Starter

    Posted 19 January 2015 - 11:34 AM

    Here are the logs after I moved FRST to the desktop. I am now downloading AdwCleaner and Junkware Removal Tool.

     

    Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 19-01-2015
    Ran by pFerrari (administrator) on PFERRARI-W7 on 19-01-2015 11:27:45
    Running from C:\Users\PFerrari\Desktop
    Loaded Profiles: pFerrari (Available profiles: pFerrari & Administrator & Directit)
    Platform: Microsoft Windows 7 Professional  Service Pack 1 (X86) OS Language: English (United States)
    Internet Explorer Version 11 (Default browser: Chrome)
    Boot Mode: Normal
     
    ==================== Processes (Whitelisted) =================
     
    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
     
    (AMD) C:\Windows\System32\atiesrxx.exe
    (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
    (Microsoft Corporation) C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
    (Microsoft Corporation) C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX86\officeclicktorun.exe
    () C:\Program Files\BlueBoxUSA\BlueBox\DitSSH\bin\cygrunsrv.exe
    (UltraVNC) C:\Program Files\BlueBoxUSA\BlueBox\UVNC\winvnc.exe
    (ECi FMAudit) C:\Program Files\FMAuditOnsite\fmaonsite.exe
    () C:\Program Files\BlueBoxUSA\BlueBox\DitSSH\bin\bash.exe
    () C:\Program Files\BlueBoxUSA\BlueBox\DitSSH\bin\sshd.exe
    (Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
    (Intel Corporation) C:\Program Files\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
    (LogMeIn, Inc.) C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
    (LogMeIn, Inc.) C:\Program Files\LogMeIn\x86\ramaint.exe
    (Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
    (Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
    (Symantec Corporation) C:\Program Files\Symantec.cloud\EndpointProtectionAgent\Engine\21.5.0.19\NIS.exe
    (Conexant Systems, Inc.) C:\Windows\System32\SASrv.exe
    (Symantec Corporation) C:\Program Files\Symantec.cloud\PlatformAgent\ccSvcHst.exe
    (Western Digital Technologies, Inc.) C:\Program Files\Western Digital\WD Drive Manager\WDDriveService.exe
    (Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
    (UltraVNC) C:\Program Files\BlueBoxUSA\BlueBox\UVNC\winvnc.exe
    (Direct IT Corp) C:\Program Files\BlueBoxUSA\BlueBox\DITSysAudit\DITSysAudit.exe
    (LogMeIn, Inc.) C:\Program Files\LogMeIn\x86\LogMeIn.exe
    (Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
    (Symantec Corporation) C:\Program Files\Symantec.cloud\AntiVirus\AVAgent.exe
    (Western Digital Technologies, Inc.) C:\Program Files\Western Digital\WD SmartWare\WDBackupEngine.exe
    (Symantec Corporation) C:\Program Files\Symantec.cloud\AntiVirus\ssDVAgent.exe
    (AMD) C:\Windows\System32\atieclxx.exe
    (Symantec Corporation) C:\Program Files\Symantec.cloud\EndpointProtectionAgent\Engine\21.5.0.19\NIS.exe
    (Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
    (Symantec Corporation) C:\Program Files\Symantec.cloud\EndpointProtectionAgent\Engine\21.5.0.19\NIS.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
    (Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent.exe
    (Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    (Conexant Systems, Inc) C:\Program Files\CONEXANT\SAII\SmartAudio.exe
    (Logitech Inc.) C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe
    (LogMeIn, Inc.) C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
    (ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    () C:\Program Files\Logitech\LWS\Webcam Software\CameraHelperShell.exe
    (Western Digital Technologies, Inc.) C:\Program Files\Western Digital\WD Security\WDDriveAutoUnlock.exe
    (Western Digital Technologies, Inc.) C:\Program Files\Western Digital\WD Quick View\WDDMStatus.exe
    (Symantec Corporation) C:\Program Files\Symantec.cloud\PlatformAgent\PAUI.exe
    (Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
    (Dropbox, Inc.) C:\Users\PFerrari\AppData\Roaming\Dropbox\bin\Dropbox.exe
    (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
    (Intel Corporation) C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe
    (Intel Corporation) C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe
    (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
    (Google) C:\Users\PFerrari\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
    (SuccessWare, Inc.) \\PannSrv\SuccessWare21\SuccessWare21.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\excel.exe
    (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
    (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
    (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
    (Apple Inc.) C:\Program Files\iTunes\iTunes.exe
    (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
    (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe
    (Apple Inc.) C:\Program Files\Common Files\Apple\Apple Application Support\distnoted.exe
     
     
    ==================== Registry (Whitelisted) ==================
     
    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
     
    HKLM\...\Run: [StartCCC] => c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [343168 2011-12-07] (Advanced Micro Devices, Inc.)
    HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent.exe [520320 2011-12-15] (Conexant Systems, Inc.)
    HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SAIICpl.exe [310912 2011-06-24] (Conexant Systems, Inc.)
    HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2014-10-11] (Apple Inc.)
    HKLM\...\Run: [LWS] => C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe [204136 2012-09-13] (Logitech Inc.)
    HKLM\...\Run: [LogMeIn GUI] => C:\Program Files\LogMeIn\x86\LogMeInSystray.exe [63048 2013-04-30] (LogMeIn, Inc.)
    HKLM\...\Run: [WD Drive Unlocker] => C:\Program Files\Western Digital\WD Security\WDDriveAutoUnlock.exe [1694080 2013-07-10] (Western Digital Technologies, Inc.)
    HKLM\...\Run: [WD Quick View] => C:\Program Files\Western Digital\WD Quick View\WDDMStatus.exe [5545328 2014-02-28] (Western Digital Technologies, Inc.)
    HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
    HKLM\...\Run: [SymantecPaui] => C:\Program Files\Symantec.cloud\PlatformAgent\PAUI.exe [2776480 2014-07-16] (Symantec Corporation)
    HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle Corporation)
    Startup: C:\Users\PFerrari\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
    ShortcutTarget: Dropbox.lnk -> C:\Users\PFerrari\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
     
    ==================== Internet (Whitelisted) ====================
     
    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
     
    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    HKU\S-1-5-21-1522985023-1944121316-2484613009-1163\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://dell13.msn.com/?pc=DCJB
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://dell13.msn.com/?pc=DCJB
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
    HKU\S-1-5-21-1522985023-1944121316-2484613009-1163\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
    SearchScopes: HKU\S-1-5-21-1522985023-1944121316-2484613009-1163 -> {938931C2-EBF8-4CF1-9BD3-6CA597AF16F8} URL = 
    BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files\Symantec.cloud\EndpointProtectionAgent\Engine\21.5.0.19\coIEPlg.dll (Symantec Corporation)
    BHO: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files\Symantec.cloud\EndpointProtectionAgent\Engine\21.5.0.19\IPS\IPSBHO.DLL (Symantec Corporation)
    BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
    BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
    BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
    BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation)
    BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Symantec.cloud\EndpointProtectionAgent\Engine\21.5.0.19\coIEPlg.dll (Symantec Corporation)
    Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
    Winsock: Catalog5 09 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
    Tcpip\Parameters: [DhcpNameServer] 192.168.254.10
     
    FireFox:
    ========
    FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
    FF Plugin: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.66 -> C:\Program Files\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
    FF Plugin: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
    FF Plugin: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
    FF Plugin: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF Plugin: @microsoft.com/GENUINE -> disabled No File
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.31211.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
    FF Plugin: @microsoft.com/WLPG,version=16.4.3522.0110 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF Plugin HKU\S-1-5-21-1522985023-1944121316-2484613009-1163: @citrixonline.com/appdetectorplugin -> C:\Users\PFerrari\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
    FF Plugin HKU\S-1-5-21-1522985023-1944121316-2484613009-1163: @talk.google.com/GoogleTalkPlugin -> C:\Users\PFerrari\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
    FF Plugin HKU\S-1-5-21-1522985023-1944121316-2484613009-1163: @talk.google.com/O1DPlugin -> C:\Users\PFerrari\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
    FF Plugin HKU\S-1-5-21-1522985023-1944121316-2484613009-1163: @tools.google.com/Google Update;version=3 -> C:\Users\PFerrari\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin HKU\S-1-5-21-1522985023-1944121316-2484613009-1163: @tools.google.com/Google Update;version=9 -> C:\Users\PFerrari\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Users\PFerrari\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)
    FF Plugin ProgramFiles/Appdata: C:\Users\PFerrari\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)
    FF HKLM\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.5.0.19\coFFPlgn
    FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.5.0.19\coFFPlgn [2015-01-19]
     
    Chrome: 
    =======
    CHR Profile: C:\Users\PFerrari\AppData\Local\Google\Chrome\User Data\Default
    CHR Extension: (Google Docs) - C:\Users\PFerrari\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-12-11]
    CHR Extension: (Google Drive) - C:\Users\PFerrari\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-12-11]
    CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\PFerrari\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-23]
    CHR Extension: (YouTube) - C:\Users\PFerrari\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-12-11]
    CHR Extension: (Google Search) - C:\Users\PFerrari\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-12-11]
    CHR Extension: (Norton Identity Safe) - C:\Users\PFerrari\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif [2014-10-07]
    CHR Extension: (Skype Click to Call) - C:\Users\PFerrari\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2013-12-24]
    CHR Extension: (Norton Security Toolbar) - C:\Users\PFerrari\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk [2014-03-17]
    CHR Extension: (Hangouts) - C:\Users\PFerrari\AppData\Local\Google\Chrome\User Data\Default\Extensions\nckgahadagoaajjgafhacjanaoiihapd [2013-12-19]
    CHR Extension: (Google Wallet) - C:\Users\PFerrari\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-12-11]
    CHR Extension: (Gmail) - C:\Users\PFerrari\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-12-11]
    CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - No Path
    CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-14]
    CHR HKLM\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files\Symantec.cloud\EndpointProtectionAgent\Engine\21.5.0.19\Exts\Chrome.crx [2014-10-06]
     
    ========================== Services (Whitelisted) =================
     
    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
     
    R2 c2cautoupdatesvc; C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
    R2 c2cpnrsvc; C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
    R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX86\OfficeClickToRun.exe [1679536 2014-11-11] (Microsoft Corporation)
    R2 DITsshd; C:\Program Files\BlueBoxUSA\BlueBox\DitSSH\bin\cygrunsrv.exe [68096 2013-05-24] () [File not signed]
    R2 DITSysAudit; C:\Program Files\BlueBoxUSA\BlueBox\DITSysAudit\DITSysAudit.exe [671744 2013-05-24] (Direct IT Corp) [File not signed]
    R2 ditvnc; C:\Program Files\BlueBoxUSA\BlueBox\UVNC\winvnc.exe [2016504 2013-05-24] (UltraVNC)
    S4 DSClientService; C:\DOCSTAR\DSClientService.exe [11264 2009-09-03] () [File not signed]
    R2 FMAuditOnsite; C:\Program Files\FMAuditOnsite\fmaonsite.exe [65024 2014-11-13] (ECi FMAudit) [File not signed]
    R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [583680 2012-12-10] (Intel® Corporation) [File not signed]
    S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [627744 2012-12-10] (Intel® Corporation)
    R2 jhi_service; C:\Program Files\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [165336 2013-01-14] (Intel Corporation)
    R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
    R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
    R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [45568 2013-05-16] (Hewlett-Packard) [File not signed]
    R2 NIS; C:\Program Files\Symantec.cloud\EndpointProtectionAgent\Engine\21.5.0.19\NIS.exe [276376 2014-08-22] (Symantec Corporation)
    R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [55808 2013-05-16] (Hewlett-Packard) [File not signed]
    R2 SAService; C:\Windows\system32\SAsrv.exe [446592 2010-11-19] (Conexant Systems, Inc.)
    R2 SsPaAdm; C:\Program Files\Symantec.cloud\PlatformAgent\ccSvcHst.exe [138272 2013-08-09] (Symantec Corporation)
    R2 ssSpnAv; C:\Program Files\Symantec.cloud\AntiVirus\AVAgent.exe [418720 2014-10-14] (Symantec Corporation)
    R2 WDBackup; C:\Program Files\Western Digital\WD SmartWare\WDBackupEngine.exe [1042808 2014-02-28] (Western Digital Technologies, Inc.)
    R2 WDDriveService; C:\Program Files\Western Digital\WD Drive Manager\WDDriveService.exe [271728 2014-02-28] (Western Digital Technologies, Inc.)
    S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-11-05] (Microsoft Corporation)
     
    ==================== Drivers (Whitelisted) ====================
     
    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
     
    R1 BHDrvx86; C:\Program Files\Symantec.cloud\EndpointProtectionAgent\NortonData\21.5.0.19\Definitions\BASHDefs\20150106.001\BHDrvx86.sys [1164504 2015-01-06] (Symantec Corporation)
    R1 ccSet_Cloud; C:\Windows\system32\Drivers\Symantec.cloud\ccSetx86.sys [132768 2013-08-09] (Symantec Corporation)
    R1 ccSet_NIS; C:\Windows\system32\drivers\NIS\1505000.013\ccSetx86.sys [127064 2014-02-20] (Symantec Corporation)
    R1 eeCtrl; C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [378672 2014-12-11] (Symantec Corporation)
    R3 EraserUtilRebootDrv; C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [111408 2014-12-11] (Symantec Corporation)
    R1 IDSVix86; C:\Program Files\Symantec.cloud\EndpointProtectionAgent\NortonData\21.5.0.19\Definitions\IPSDefs\20150116.001\IDSvix86.sys [503000 2015-01-08] (Symantec Corporation)
    R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2014-11-21] (Malwarebytes Corporation)
    R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [114904 2015-01-19] (Malwarebytes Corporation)
    R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2014-11-21] (Malwarebytes Corporation)
    R3 MEI; C:\Windows\System32\DRIVERS\HECI.sys [55104 2012-07-13] (Intel Corporation)
    R3 NAVENG; C:\Program Files\Symantec.cloud\EndpointProtectionAgent\NortonData\21.5.0.19\Definitions\VirusDefs\20150118.025\NAVENG.SYS [95704 2014-10-06] (Symantec Corporation)
    R3 NAVEX15; C:\Program Files\Symantec.cloud\EndpointProtectionAgent\NortonData\21.5.0.19\Definitions\VirusDefs\20150118.025\NAVEX15.SYS [1636696 2014-10-06] (Symantec Corporation)
    S3 netvsc; C:\Windows\System32\DRIVERS\netvsc60.sys [126464 2010-11-20] (Microsoft Corporation)
    S3 NuidFltr; C:\Windows\System32\DRIVERS\NuidFltr.sys [25712 2013-05-13] (Microsoft Corporation)
    R3 SRTSP; C:\Windows\System32\Drivers\NIS\1505000.013\SRTSP.SYS [664280 2014-07-22] (Symantec Corporation)
    R1 SRTSPX; C:\Windows\system32\drivers\NIS\1505000.013\SRTSPX.SYS [32344 2014-07-22] (Symantec Corporation)
    R0 SymDS; C:\Windows\System32\drivers\NIS\1505000.013\SYMDS.SYS [367704 2014-07-23] (Symantec Corporation)
    R0 SymEFA; C:\Windows\System32\drivers\NIS\1505000.013\SYMEFA.SYS [936152 2014-07-23] (Symantec Corporation)
    R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT.SYS [142936 2014-10-06] (Symantec Corporation)
    R1 SymIRON; C:\Windows\system32\drivers\NIS\1505000.013\Ironx86.SYS [206936 2014-07-22] (Symantec Corporation)
    R1 SymNetS; C:\Windows\System32\Drivers\NIS\1505000.013\SYMNETS.SYS [447704 2014-07-23] (Symantec Corporation)
    S3 SynthVid; C:\Windows\System32\DRIVERS\VMBusVideoM.sys [19456 2010-11-20] (Microsoft Corporation)
    R3 vpcbus; C:\Windows\System32\DRIVERS\vpchbus.sys [172416 2013-11-05] (Microsoft Corporation)
    R1 vpcnfltr; C:\Windows\System32\DRIVERS\vpcnfltr.sys [48128 2013-11-05] (Microsoft Corporation)
    R3 vpcusb; C:\Windows\System32\DRIVERS\vpcusb.sys [78336 2013-11-05] (Microsoft Corporation)
    R1 vpcvmm; C:\Windows\System32\drivers\vpcvmm.sys [296192 2013-11-05] (Microsoft Corporation)
    S3 catchme; \??\C:\Users\PFerrari\AppData\Local\Temp\catchme.sys [X]
    S4 LMIRfsClientNP; No ImagePath
     
    ==================== NetSvcs (Whitelisted) ===================
     
     
    (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
     
     
    ==================== One Month Created Files and Folders ========
     
    (If an entry is included in the fixlist, the file\folder will be moved.)
     
    2015-01-19 11:27 - 2015-01-19 11:28 - 00022721 _____ () C:\Users\PFerrari\Desktop\FRST.txt
    2015-01-19 10:05 - 2015-01-19 10:06 - 00039610 _____ () C:\Users\PFerrari\Downloads\Addition.txt
    2015-01-19 10:04 - 2015-01-19 11:27 - 00000000 ____D () C:\FRST
    2015-01-19 10:04 - 2015-01-19 10:06 - 00031977 _____ () C:\Users\PFerrari\Downloads\FRST.txt
    2015-01-19 10:03 - 2015-01-19 10:03 - 01118208 _____ (Farbar) C:\Users\PFerrari\Desktop\FRST.exe
    2015-01-14 14:51 - 2015-01-14 14:51 - 00015010 _____ () C:\Users\PFerrari\Downloads\benefits_billing (19).csv
    2015-01-14 14:42 - 2015-01-14 14:42 - 00016326 _____ () C:\Users\PFerrari\Downloads\combo_bill (24).csv
    2015-01-14 12:47 - 2015-01-14 12:47 - 00003357 _____ () C:\Users\PFerrari\Desktop\aswMBR.txt
    2015-01-14 12:47 - 2015-01-14 12:47 - 00000512 _____ () C:\Users\PFerrari\Desktop\MBR.dat
    2015-01-14 12:24 - 2015-01-14 12:25 - 05198336 _____ (AVAST Software) C:\Users\PFerrari\Downloads\aswMBR.exe
    2015-01-14 04:00 - 2014-12-18 21:43 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
    2015-01-14 04:00 - 2014-12-18 20:34 - 00116224 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
    2015-01-14 04:00 - 2014-12-12 00:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
    2015-01-14 04:00 - 2014-12-12 00:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
    2015-01-14 04:00 - 2014-12-11 12:47 - 00074240 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
    2015-01-14 04:00 - 2014-12-05 22:50 - 00242688 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
    2015-01-13 19:46 - 2015-01-13 19:46 - 00000691 _____ () C:\Users\PFerrari\Downloads\Export (57).csv
    2015-01-13 19:45 - 2015-01-13 19:45 - 00007869 _____ () C:\Users\PFerrari\Downloads\Export (56).csv
    2015-01-13 12:12 - 2015-01-13 12:12 - 00016283 _____ () C:\Users\PFerrari\Downloads\benefits_billing (18).csv
    2015-01-12 13:54 - 2015-01-12 13:57 - 00019752 _____ () C:\Users\PFerrari\Desktop\dds.txt
    2015-01-12 13:54 - 2015-01-12 13:57 - 00004943 _____ () C:\Users\PFerrari\Desktop\attach.txt
    2015-01-12 13:52 - 2015-01-12 13:52 - 00688992 ____R (Swearware) C:\Users\PFerrari\Downloads\dds.com
    2015-01-07 12:01 - 2015-01-07 12:01 - 08122368 _____ () C:\Users\PFerrari\Downloads\LogMeInIgnition (1).msi
    2015-01-06 13:07 - 2015-01-06 13:07 - 00051712 _____ () C:\Users\PFerrari\Downloads\One-Truck Breakeven Exercise.xls
    2015-01-05 16:12 - 2015-01-05 16:12 - 00016655 _____ () C:\Users\PFerrari\Downloads\combo_bill (23).csv
    2015-01-05 16:11 - 2015-01-05 16:11 - 00008851 _____ () C:\Users\PFerrari\Downloads\combo_bill (22).csv
    2014-12-29 13:38 - 2014-12-29 13:38 - 00014179 _____ () C:\Users\PFerrari\Downloads\Export (55).CSV
    2014-12-29 13:33 - 2014-12-29 13:33 - 00003939 _____ () C:\Users\PFerrari\Downloads\Export (54).CSV
    2014-12-29 13:32 - 2014-12-29 13:32 - 00008567 _____ () C:\Users\PFerrari\Downloads\Export (53).CSV
    2014-12-29 13:32 - 2014-12-29 13:32 - 00008567 _____ () C:\Users\PFerrari\Downloads\Export (52).CSV
    2014-12-23 14:00 - 2014-12-23 14:00 - 00035840 _____ () C:\Users\PFerrari\Downloads\Daily Receipts and Recv Report (4).xls
    2014-12-23 14:00 - 2014-12-23 14:00 - 00034816 _____ () C:\Users\PFerrari\Downloads\Form of Payment Template (2).xls
     
    ==================== One Month Modified Files and Folders =======
     
    (If an entry is included in the fixlist, the file\folder will be moved.)
     
    2015-01-19 11:27 - 2014-03-17 10:37 - 00000000 ____D () C:\ProgramData\Symantec.cloud
    2015-01-19 11:16 - 2013-12-11 13:33 - 00000886 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2015-01-19 11:15 - 2013-12-19 18:28 - 00000920 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1522985023-1944121316-2484613009-1163UA.job
    2015-01-19 11:15 - 2013-11-05 00:18 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
    2015-01-19 10:38 - 2013-11-05 02:15 - 01775711 _____ () C:\Windows\WindowsUpdate.log
    2015-01-19 10:00 - 2009-07-13 23:34 - 00021312 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2015-01-19 10:00 - 2009-07-13 23:34 - 00021312 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2015-01-19 09:55 - 2014-09-11 13:42 - 00000000 ___RD () C:\Users\PFerrari\Dropbox
    2015-01-19 09:55 - 2014-09-11 13:37 - 00000000 ____D () C:\Users\PFerrari\AppData\Roaming\Dropbox
    2015-01-19 09:55 - 2013-12-10 16:58 - 00001416 _____ () C:\Users\PFerrari\logonscript.log
    2015-01-19 09:54 - 2014-08-01 09:03 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
    2015-01-19 09:54 - 2013-12-11 13:33 - 00000882 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2015-01-19 09:53 - 2014-09-29 10:21 - 00008192 _____ () C:\Windows\system32\WDPABKP.dat
    2015-01-19 09:53 - 2014-01-27 20:15 - 00000976 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Client.lnk
    2015-01-19 09:53 - 2014-01-27 20:15 - 00000960 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Control Panel.lnk
    2015-01-19 09:53 - 2013-12-10 14:45 - 00000120 _____ () C:\Windows\system32\config\netlogon.ftl
    2015-01-19 09:53 - 2009-07-13 23:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
    2015-01-19 09:53 - 2009-07-13 23:39 - 00047393 _____ () C:\Windows\setupact.log
    2015-01-19 09:52 - 2013-12-11 20:11 - 00000000 ____D () C:\ProgramData\LogMeIn
    2015-01-19 09:52 - 2010-11-20 16:48 - 00625728 _____ () C:\Windows\PFRO.log
    2015-01-19 09:44 - 2013-12-24 09:44 - 00000000 ____D () C:\Windows\system32\MRT
    2015-01-19 09:35 - 2013-12-24 09:44 - 110348472 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
    2015-01-19 06:15 - 2013-12-19 18:28 - 00000868 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1522985023-1944121316-2484613009-1163Core.job
    2015-01-19 02:56 - 2014-05-07 15:26 - 00000000 ____D () C:\Program Files\FMAuditOnsite
    2015-01-16 12:13 - 2013-12-10 17:02 - 00000000 ____D () C:\Users\PFerrari\Documents\Outlook Files
    2015-01-15 13:43 - 2013-12-11 20:13 - 00000000 ____D () C:\Program Files\LogMeIn
    2015-01-15 13:42 - 2013-12-11 20:14 - 00086912 _____ (LogMeIn, Inc.) C:\Windows\system32\LMIRfsClientNP.dll
    2015-01-15 13:42 - 2013-12-11 20:14 - 00031592 _____ (LogMeIn, Inc.) C:\Windows\system32\LMIport.dll
    2015-01-15 13:42 - 2013-12-11 20:13 - 00085864 _____ (LogMeIn, Inc.) C:\Windows\system32\LMIinit.dll
    2015-01-14 18:18 - 2009-07-13 23:52 - 00000000 ____D () C:\Windows\system32\FxsTmp
    2015-01-14 12:53 - 2014-08-01 09:03 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
    2015-01-14 02:15 - 2013-11-05 00:18 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
    2015-01-14 02:15 - 2013-11-05 00:18 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
    2015-01-12 20:22 - 2014-06-06 16:12 - 00000000 ____D () C:\Users\PFerrari\AppData\Local\CrashDumps
    2015-01-12 14:33 - 2009-07-13 21:37 - 00000000 ____D () C:\Windows\IME
    2015-01-09 17:14 - 2010-11-20 16:01 - 00818476 _____ () C:\Windows\system32\PerfStringBackup.INI
    2014-12-23 10:07 - 2009-07-13 21:37 - 00000000 ____D () C:\Windows\Microsoft.NET
    2014-12-23 09:42 - 2013-12-10 15:36 - 00000000 ____D () C:\Program Files\Microsoft Office 15
    2014-12-23 03:21 - 2013-12-24 09:54 - 00000000 ____D () C:\Program Files\Microsoft Mouse and Keyboard Center
    2014-12-22 10:51 - 2013-12-24 09:49 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
    2014-12-20 11:49 - 2014-06-09 16:30 - 00000000 ____D () C:\Virus Removal
     
    ==================== Files in the root of some directories =======
    2014-01-11 13:41 - 2014-07-09 09:56 - 0003495 _____ () C:\Program Files\CHANGES.txt
    2013-03-06 14:33 - 2014-07-09 09:56 - 0035821 _____ () C:\Program Files\COPYING.txt
    2014-01-08 16:55 - 2014-07-09 09:56 - 0069632 _____ (GNE) C:\Program Files\DisMon.exe
    2014-01-08 16:56 - 2014-07-09 09:56 - 0189440 _____ (GNE) C:\Program Files\DualLauncher.exe
    2014-01-08 16:56 - 2014-07-09 09:56 - 0087040 _____ (GNE) C:\Program Files\DualSnap.exe
    2014-01-10 14:09 - 2014-07-09 09:56 - 0080896 _____ (GNE) C:\Program Files\DualWallpaper.exe
    2014-01-11 13:59 - 2014-07-09 09:56 - 0004397 _____ () C:\Program Files\README.txt
    2014-01-08 16:48 - 2014-07-09 09:56 - 0166912 _____ (GNE) C:\Program Files\SwapScreen.exe
    2013-03-06 14:33 - 2014-07-09 09:56 - 0000291 _____ () C:\Program Files\THANKS.txt
    2014-02-26 19:23 - 2014-02-26 19:23 - 0007605 _____ () C:\Users\PFerrari\AppData\Local\Resmon.ResmonCfg
    2014-01-21 10:41 - 2014-12-02 11:28 - 0000021 _____ () C:\ProgramData\IpAndPort.fig
    2014-01-21 10:41 - 2014-12-02 11:28 - 0000229 _____ () C:\ProgramData\RmUserCfg.ini
     
    Some content of TEMP:
    ====================
    C:\Users\PFerrari\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmptnhums.dll
     
     
    ==================== Bamital & volsnap Check =================
     
    (There is no automatic fix for files that do not pass verification.)
     
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\system32\winlogon.exe => File is digitally signed
    C:\Windows\system32\wininit.exe => File is digitally signed
    C:\Windows\system32\svchost.exe => File is digitally signed
    C:\Windows\system32\services.exe => File is digitally signed
    C:\Windows\system32\User32.dll => File is digitally signed
    C:\Windows\system32\userinit.exe => File is digitally signed
    C:\Windows\system32\rpcss.dll => File is digitally signed
    C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
     
     
    LastRegBack: 2015-01-14 18:47
     
    ==================== End Of Log ============================
     
    addition.txt
     
    Additional scan result of Farbar Recovery Scan Tool (x86) Version: 19-01-2015
    Ran by pFerrari at 2015-01-19 11:28:14
    Running from C:\Users\PFerrari\Desktop
    Boot Mode: Normal
    ==========================================================
     
     
    ==================== Security Center ========================
     
    (If an entry is included in the fixlist, it will be removed.)
     
    AV: Symantec Endpoint Protection.cloud (Disabled - Up to date) {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}
    AS: Symantec Endpoint Protection.cloud (Enabled - Up to date) {631E4324-D31C-783F-EC5C-35AD42B18466}
    AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    FW: Symantec Endpoint Protection.cloud (Disabled) {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0}
     
    ==================== Installed Programs ======================
     
    (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
     
    32 Bit HP CIO Components Installer (Version: 15.1.1 - Hewlett-Packard) Hidden
    Adobe Flash Player 16 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 16.0.0.257 - Adobe Systems Incorporated)
    Adobe Reader XI (11.0.10) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
    AMD Catalyst Install Manager (HKLM\...\{ABD675FF-147C-689A-50B9-6DC57DE4044F}) (Version: 3.0.855.0 - Advanced Micro Devices, Inc.)
    Apple Application Support (HKLM\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
    Apple Mobile Device Support (HKLM\...\{235EBB33-3DA1-46DF-AADE-9955123409CB}) (Version: 8.0.5.6 - Apple Inc.)
    Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
    BlueClient 2.5 (HKLM\...\{20B590D0-66BB-464A-9B3B-2C7D1DEEA591}_is1) (Version:  - )
    Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
    CameraHelperMsi (Version: 13.51.815.0 - Logitech) Hidden
    Citrix Online Launcher (HKLM\...\{B025BA0B-64A6-46DE-9D64-32965C83CCA9}) (Version: 1.0.179 - Citrix)
    Conexant Audio Filter Agent (HKLM\...\cAudioFilterAgent) (Version: 1.7.36.0 - Conexant Systems)
    Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.50.5.51 - Conexant)
    Conexant SmartAudio (HKLM\...\SAII) (Version: 6.0.109.0 - Conexant Systems)
    D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
    Dell Client System Update (HKLM\...\{04566294-A6B6-4462-9721-031073EB3694}) (Version: 1.3.0 - Dell Inc.)
    Dell Edoc Viewer (HKLM\...\{3138EAD3-700B-4A10-B617-B3F8096EE30D}) (Version: 1.0.0 - Dell Inc)
    docSTAR 3.10 (HKLM\...\docSTAR 3.10) (Version:  - Astria Solutions Group, LLC)
    Dropbox (HKU\S-1-5-21-1522985023-1944121316-2484613009-1163\...\Dropbox) (Version: 3.0.3 - Dropbox, Inc.)
    Endpoint Protection.cloud (Version: 21.5.0.19 - Symantec Corporation) Hidden
    erLT (Version: 1.20.138.34 - Logitech, Inc.) Hidden
    FMAudit Onsite (HKLM\...\FMAudit Onsite3.0.6.63728) (Version: 3.0.6.63728 - FMAudit (ECi))
    Google Chrome (HKLM\...\Google Chrome) (Version: 39.0.2171.99 - Google Inc.)
    Google Talk Plugin (HKLM\...\{24DA8058-C0E5-351B-8B55-F6DC5A2B22EF}) (Version: 5.38.7.0 - Google)
    Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
    iBackupBot 5.1.0.3 (HKLM\...\iBackupBot) (Version: 5.1.0.3 - VOWSoft, Ltd.)
    iCloud (HKLM\...\{AC6EE263-E4DD-4150-9014-689B1D4A3315}) (Version: 4.0.5.20 - Apple Inc.)
    Intel® Management Engine Components (HKLM\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.30.1349 - Intel Corporation)
    iTunes (HKLM\...\{5D928931-D1D2-4A93-A82D-BF60D0E7CFA5}) (Version: 12.0.1.26 - Apple Inc.)
    Java 7 Update 71 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F03217071FF}) (Version: 7.0.710 - Oracle)
    join.me (HKU\S-1-5-21-1522985023-1944121316-2484613009-1163\...\JoinMe) (Version: 1.17.0.131 - LogMeIn, Inc.)
    Junk Mail filter update (Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
    Logitech Webcam Software (HKLM\...\{D40EB009-0499-459c-A8AF-C9C110766215}) (Version: 2.51 - Logitech Inc.)
    LogMeIn (HKLM\...\{53E10F4E-B361-45D7-8DBD-A6BF073236F0}) (Version: 4.1.3430 - LogMeIn, Inc.)
    Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
    Microsoft .NET Framework 1.1 (HKLM\...\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}) (Version: 1.1.4322 - Microsoft)
    Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
    Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.2.173.0 - Microsoft Corporation)
    Microsoft Office Home and Business 2013 - en-us (HKLM\...\HomeBusinessRetail - en-us) (Version: 15.0.4675.1003 - Microsoft Corporation)
    Microsoft OneDrive (HKU\S-1-5-21-1522985023-1944121316-2484613009-1163\...\OneDriveSetup.exe) (Version: 17.3.1229.0918 - Microsoft Corporation)
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.31211.0 - Microsoft Corporation)
    Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
    Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Movie Maker (Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
    Office 15 Click-to-Run Extensibility Component (Version: 15.0.4675.1003 - Microsoft Corporation) Hidden
    Office 15 Click-to-Run Licensing Component (Version: 15.0.4675.1003 - Microsoft Corporation) Hidden
    Office 15 Click-to-Run Localization Component (Version: 15.0.4675.1003 - Microsoft Corporation) Hidden
    QuickTime 7 (HKLM\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
    Realtek Ethernet Controller All-In-One Windows Driver (HKLM\...\{F7E7F0CB-AA41-4D5A-B6F2-8E6738EB063F}) (Version: 1.12.0019 - Realtek)
    Shared C Run-time for x86 (Version: 10.0.0 - McAfee) Hidden
    Skype Click to Call (HKLM\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation)
    Skype™ 6.14 (HKLM\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.14.104 - Skype Technologies S.A.)
    SuccessWare 21 (HKLM\...\{0C1F1120-A5A0-11D4-A9C5-00B0D045AC06}) (Version:  - )
    Symantec.cloud - Cloud Agent (Version: 2.03.60.2571 - Symantec Corporation) Hidden
    Symantec.cloud - Endpoint Protection (Version: 4.40.10.670 - Symantec Corporation) Hidden
    Symantec.cloud (HKLM\...\Symantec Hosted Services ARP) (Version:  - Symantec Corporation)
    WD Drive Utilities (HKLM\...\{F9784E1D-4455-4BFF-A97A-1B1355A4FFDB}) (Version: 1.0.6.3 - Western Digital Technologies, Inc.)
    WD Quick View (HKLM\...\{63911503-7EA4-4685-B2FD-D391EF622FB9}) (Version: 2.3.0.20 - Western Digital Technologies, Inc.)
    WD Security (HKLM\...\{2B58AB2C-D980-47FD-8633-E360314BA662}) (Version: 1.0.6.3 - Western Digital Technologies, Inc.)
    WD SmartWare (HKLM\...\{8DC2DD9D-7687-4108-83D6-ACE73ABF2D69}) (Version: 2.3.0.20 - Western Digital Technologies, Inc.)
    WD SmartWare Installer (HKLM\...\{1ec9e03a-452b-48fb-8e1b-27ee0477985f}) (Version: 2.3.0.20 - Western Digital Technologies, Inc.)
    Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 16.4.3522.0110 - Microsoft Corporation)
    Wondershare Dr.Fone for iOS(Build 4.6.0.29) (HKLM\...\{A26F8BBD-EC10-4bdc-8AD8-F146825A8A63}_is1) (Version: 4.6.0.29 - Wondershare Software Co.,Ltd.)
     
    ==================== Custom CLSID (selected items): ==========================
     
    (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
     
    CustomCLSID: HKU\S-1-5-21-1522985023-1944121316-2484613009-1163_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\PFerrari\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-1522985023-1944121316-2484613009-1163_Classes\CLSID\{022105BD-948A-40C9-AB42-A3300DDF097F}\localserver32 -> C:\Users\PFerrari\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-1522985023-1944121316-2484613009-1163_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\PFerrari\AppData\Local\Google\Update\1.3.25.5\psuser.dll No File
    CustomCLSID: HKU\S-1-5-21-1522985023-1944121316-2484613009-1163_Classes\CLSID\{22181302-A8A6-4F84-A541-E5CBFC70CC43}\localserver32 -> C:\Users\PFerrari\AppData\Local\Google\Update\1.3.25.11\GoogleUpdateOnDemand.exe (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-1522985023-1944121316-2484613009-1163_Classes\CLSID\{2F0E2680-9FF5-43C0-B76E-114A56E93598}\localserver32 -> C:\Users\PFerrari\AppData\Local\Google\Update\1.3.25.11\GoogleUpdateOnDemand.exe (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-1522985023-1944121316-2484613009-1163_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\PFerrari\AppData\Local\Google\Update\1.3.23.9\psuser.dll No File
    CustomCLSID: HKU\S-1-5-21-1522985023-1944121316-2484613009-1163_Classes\CLSID\{39125640-8D80-11DC-A2FE-C5C455D89593}\InprocServer32 -> C:\Users\PFerrari\AppData\Local\Google\Google Talk Plugin\googletalkax.dll (Google)
    CustomCLSID: HKU\S-1-5-21-1522985023-1944121316-2484613009-1163_Classes\CLSID\{51F9E8EF-59D7-475B-A106-C7EA6F30C119}\localserver32 -> C:\Users\PFerrari\AppData\Local\Google\Update\1.3.25.11\GoogleUpdateOnDemand.exe (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-1522985023-1944121316-2484613009-1163_Classes\CLSID\{7B37E4E2-C62F-4914-9620-8FB5062718CC}\localserver32 -> C:\Users\PFerrari\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-1522985023-1944121316-2484613009-1163_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\PFerrari\AppData\Local\Google\Update\1.3.24.15\psuser.dll No File
    CustomCLSID: HKU\S-1-5-21-1522985023-1944121316-2484613009-1163_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\PFerrari\AppData\Local\Microsoft\SkyDrive\17.3.1229.0918\SkyDriveShell.dll (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-1522985023-1944121316-2484613009-1163_Classes\CLSID\{A45426FB-E444-42B2-AA56-419F8FBEEC61}\InprocServer32 -> C:\Users\PFerrari\AppData\Local\Google\Update\1.3.22.3\psuser.dll No File
    CustomCLSID: HKU\S-1-5-21-1522985023-1944121316-2484613009-1163_Classes\CLSID\{A54D478D-4F70-4F72-9A74-17C9986E35AB}\InprocServer32 -> C:\Users\PFerrari\AppData\Local\Google\Update\1.3.21.165\psuser.dll No File
    CustomCLSID: HKU\S-1-5-21-1522985023-1944121316-2484613009-1163_Classes\CLSID\{AB807329-7324-431B-8B36-DBD581F56E0B}\localserver32 -> C:\Users\PFerrari\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-1522985023-1944121316-2484613009-1163_Classes\CLSID\{AB9F4455-E591-4132-A386-0B91EAEDB96C}\InprocServer32 -> C:\Users\PFerrari\AppData\Local\Google\Google Talk Plugin\o1dax.dll (Google)
    CustomCLSID: HKU\S-1-5-21-1522985023-1944121316-2484613009-1163_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\PFerrari\AppData\Local\Microsoft\SkyDrive\17.3.1229.0918\SkyDriveShell.dll (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-1522985023-1944121316-2484613009-1163_Classes\CLSID\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}\InprocServer32 -> C:\Users\PFerrari\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-1522985023-1944121316-2484613009-1163_Classes\CLSID\{C442AC41-9200-4770-8CC0-7CDB4F245C55}\InprocServer32 -> C:\Users\PFerrari\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-1522985023-1944121316-2484613009-1163_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\PFerrari\AppData\Local\Microsoft\SkyDrive\17.3.1229.0918\SkyDriveShell.dll (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-1522985023-1944121316-2484613009-1163_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\PFerrari\AppData\Local\Google\Update\1.3.25.11\psuser.dll (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-1522985023-1944121316-2484613009-1163_Classes\CLSID\{E67BE843-BBBE-4484-95FB-05271AE86750}\localserver32 -> C:\Users\PFerrari\AppData\Local\Google\Update\1.3.25.11\GoogleUpdateOnDemand.exe (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-1522985023-1944121316-2484613009-1163_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\PFerrari\AppData\Local\Google\Update\1.3.25.11\psuser.dll (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-1522985023-1944121316-2484613009-1163_Classes\CLSID\{EB06378B-ABB6-4B3C-9B40-D488DD8A6E93}\InprocServer32 -> C:\Users\PFerrari\AppData\Local\Google\Update\1.3.22.5\psuser.dll No File
    CustomCLSID: HKU\S-1-5-21-1522985023-1944121316-2484613009-1163_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\PFerrari\AppData\Local\Microsoft\SkyDrive\17.3.1229.0918\SkyDriveShell.dll (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-1522985023-1944121316-2484613009-1163_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\PFerrari\AppData\Local\Microsoft\SkyDrive\17.3.1229.0918\FileSyncApi.dll (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-1522985023-1944121316-2484613009-1163_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\PFerrari\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-1522985023-1944121316-2484613009-1163_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\PFerrari\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-1522985023-1944121316-2484613009-1163_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\PFerrari\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-1522985023-1944121316-2484613009-1163_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\PFerrari\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-1522985023-1944121316-2484613009-1163_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\PFerrari\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-1522985023-1944121316-2484613009-1163_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\PFerrari\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-1522985023-1944121316-2484613009-1163_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\PFerrari\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-1522985023-1944121316-2484613009-1163_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\PFerrari\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-1522985023-1944121316-2484613009-1163_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\PFerrari\AppData\Local\Google\Update\1.3.24.7\psuser.dll No File
     
    ==================== Restore Points  =========================
     
    04-01-2015 00:00:02 Scheduled Checkpoint
    12-01-2015 00:00:03 Scheduled Checkpoint
    19-01-2015 09:34:29 Windows Update
     
    ==================== Hosts content: ==========================
     
    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)
     
    2009-07-13 21:04 - 2009-06-10 16:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
     
    ==================== Scheduled Tasks (whitelisted) =============
     
    (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
     
    Task: {00805D4D-E3DC-4DD6-8CB9-BA39A90FF2A8} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2013-05-13] (Microsoft)
    Task: {07956048-C468-4FB0-BE34-8AEA88609F00} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1522985023-1944121316-2484613009-1163Core => C:\Users\PFerrari\AppData\Local\Google\Update\GoogleUpdate.exe [2013-12-19] (Google Inc.)
    Task: {09EE9ACA-D980-473F-A64F-06CB6AB2A61B} - System32\Tasks\Microsoft Office 15 Sync Maintenance for {0b6ad6a4-7903-4c60-aa4a-c94378725174} pferrari-w7.pann.local => C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [2014-11-04] (Microsoft Corporation)
    Task: {101E9988-40FA-4F80-BEE2-C8DB6201FEA6} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX86\OfficeC2RClient.exe [2014-11-04] (Microsoft Corporation)
    Task: {10780E19-1C44-46D1-86D6-4BA9D80DF852} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-12-11] (Google Inc.)
    Task: {242D471E-459B-4E80-B20C-50BD707302AB} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
    Task: {26337DB9-AAD8-4EC6-A548-6B6D018729B9} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2013-05-13] (Microsoft Corporation)
    Task: {3EAC21A3-5BDB-471E-B75C-C42F6ADD56FA} - System32\Tasks\Endpoint Protection.cloud\Norton Error Processor => C:\Program Files\Symantec.cloud\EndpointProtectionAgent\Engine\21.5.0.19\SymErr.exe [2014-01-30] (Symantec Corporation)
    Task: {6137828A-C45E-4FC2-838B-209CB2B8C9E4} - System32\Tasks\Endpoint Protection.cloud\Norton Error Analyzer => C:\Program Files\Symantec.cloud\EndpointProtectionAgent\Engine\21.5.0.19\SymErr.exe [2014-01-30] (Symantec Corporation)
    Task: {67E9F1AE-5E3A-4D06-BE22-7E4997CD748A} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1522985023-1944121316-2484613009-1163UA => C:\Users\PFerrari\AppData\Local\Google\Update\GoogleUpdate.exe [2013-12-19] (Google Inc.)
    Task: {6ACAE8CF-687B-472C-BA86-FFA466496B26} - System32\Tasks\Onsite_Watchdog => C:\Program Files\FMAuditOnsite\watchdog.bat [2014-11-13] ()
    Task: {80045939-7DD8-415E-AAD9-4643A146E236} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2013-05-13] (Microsoft Corporation)
    Task: {88D1BFC6-3D7F-4B43-9814-CDDB51CA67FF} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
    Task: {922AB765-BEC5-4CB6-9A04-DCD398A59018} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2013-05-13] (Microsoft Corporation)
    Task: {BE9BD7BA-675E-4B32-90F7-BDCC50F6A200} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-01-14] (Adobe Systems Incorporated)
    Task: {C2E4F853-CFE4-4472-89B8-383A2E31D61E} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2013-05-13] (Microsoft Corporation)
    Task: {C59BD806-B6C9-4F4C-9404-2281A5DE07DD} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
    Task: {DE6DDB11-3CD0-4BE9-AC12-EF1C287FBD39} - System32\Tasks\Norton WSC Integration => C:\Program Files\Symantec.cloud\EndpointProtectionAgent\Engine\21.5.0.19\WSCStub.exe [2014-07-31] (Symantec Corporation)
    Task: {F0939790-7F10-4E57-AACF-8D280F75A356} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-12-11] (Google Inc.)
     
    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
     
    Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1522985023-1944121316-2484613009-1163Core.job => C:\Users\PFerrari\AppData\Local\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1522985023-1944121316-2484613009-1163UA.job => C:\Users\PFerrari\AppData\Local\Google\Update\GoogleUpdate.exe
     
    ==================== Loaded Modules (whitelisted) =============
     
    2014-01-20 13:17 - 2014-01-20 13:17 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
    2014-10-11 13:05 - 2014-10-11 13:05 - 01044776 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
    2014-03-21 05:02 - 2014-05-20 02:11 - 00080040 _____ () C:\Program Files\Microsoft Office 15\ClientX86\ApiClient.dll
    2013-12-10 15:40 - 2013-05-24 10:46 - 00068096 _____ () C:\Program Files\BlueBoxUSA\BlueBox\DitSSH\bin\cygrunsrv.exe
    2009-07-13 16:03 - 2009-07-13 20:15 - 00364544 _____ () C:\Windows\system32\msjetoledb40.dll
    2014-11-13 12:21 - 2014-11-13 12:21 - 00055296 _____ () C:\Program Files\FMAuditOnsite\Web\Bin\Toshiba.Tasks.dll
    2013-12-10 15:40 - 2013-05-24 10:46 - 00536078 _____ () C:\Program Files\BlueBoxUSA\BlueBox\DitSSH\bin\bash.exe
    2013-12-10 15:40 - 2013-05-24 10:46 - 00031232 _____ () C:\Program Files\BlueBoxUSA\BlueBox\DitSSH\bin\cygintl-8.dll
    2013-12-10 15:40 - 2013-05-24 10:46 - 00044558 _____ () C:\Program Files\BlueBoxUSA\BlueBox\DitSSH\bin\cyggcc_s-1.dll
    2013-12-10 15:40 - 2013-05-24 10:46 - 00167438 _____ () C:\Program Files\BlueBoxUSA\BlueBox\DitSSH\bin\cygreadline7.dll
    2013-12-10 15:40 - 2013-05-24 10:46 - 00249870 _____ () C:\Program Files\BlueBoxUSA\BlueBox\DitSSH\bin\cygncursesw-10.dll
    2013-12-10 15:40 - 2013-05-24 10:46 - 00408590 _____ () C:\Program Files\BlueBoxUSA\BlueBox\DitSSH\bin\sshd.exe
    2013-12-10 15:40 - 2013-05-24 10:46 - 00006656 _____ () C:\Program Files\BlueBoxUSA\BlueBox\DitSSH\bin\cygcrypt-0.dll
    2013-12-10 15:40 - 2013-05-24 10:46 - 01174542 _____ () C:\Program Files\BlueBoxUSA\BlueBox\DitSSH\bin\cygcrypto-0.9.8.dll
    2013-12-10 15:40 - 2013-05-24 10:46 - 00077838 _____ () C:\Program Files\BlueBoxUSA\BlueBox\DitSSH\bin\cygz.dll
    2013-12-10 15:40 - 2013-05-24 10:46 - 00028174 _____ () C:\Program Files\BlueBoxUSA\BlueBox\DitSSH\bin\cygwrap-0.dll
    2013-12-10 15:40 - 2013-05-24 10:46 - 00008206 _____ () C:\Program Files\BlueBoxUSA\BlueBox\DitSSH\bin\cygssp-0.dll
    2014-11-10 16:28 - 2014-11-10 16:28 - 00081056 _____ () C:\Users\PFerrari\AppData\Local\Microsoft\SkyDrive\17.3.1229.0918\LoggingPlatform.DLL
    2013-11-05 00:23 - 2011-06-24 14:12 - 00965760 _____ () C:\Program Files\Conexant\SAII\SmartAudio.Desktop.dll
    2012-09-13 00:38 - 2012-09-13 00:38 - 02144104 _____ () C:\Program Files\Logitech\LWS\Webcam Software\QtCore4.dll
    2012-09-13 00:38 - 2012-09-13 00:38 - 07955304 _____ () C:\Program Files\Logitech\LWS\Webcam Software\QtGui4.dll
    2012-09-13 00:38 - 2012-09-13 00:38 - 00341352 _____ () C:\Program Files\Logitech\LWS\Webcam Software\QtXml4.dll
    2012-09-13 00:38 - 2012-09-13 00:38 - 00028008 _____ () C:\Program Files\Logitech\LWS\Webcam Software\imageformats\QGif4.dll
    2012-09-13 00:38 - 2012-09-13 00:38 - 00127336 _____ () C:\Program Files\Logitech\LWS\Webcam Software\imageformats\QJpeg4.dll
    2011-12-07 03:15 - 2011-12-07 03:15 - 00369152 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
    2011-11-30 14:37 - 2011-11-30 14:37 - 00016384 _____ () c:\Program Files\ATI Technologies\ATI.ACE\Branding\Branding.dll
    2012-09-13 00:38 - 2012-09-13 00:38 - 00264040 _____ () C:\Program Files\Logitech\LWS\Webcam Software\CameraHelperShell.exe
    2012-09-13 00:39 - 2012-09-13 00:39 - 00336232 _____ () C:\Program Files\Common Files\logishrd\LWSPlugins\LWS\Applets\CameraHelper\DevManagerCore.dll
    2014-10-21 19:22 - 2014-10-21 19:22 - 00750080 _____ () C:\Users\PFerrari\AppData\Roaming\Dropbox\bin\libGLESv2.dll
    2015-01-19 09:55 - 2015-01-19 09:55 - 00043008 _____ () c:\users\pferrari\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmptnhums.dll
    2014-10-21 19:22 - 2014-10-21 19:22 - 00047616 _____ () C:\Users\PFerrari\AppData\Roaming\Dropbox\bin\libEGL.dll
    2014-10-21 19:22 - 2014-10-21 19:22 - 00863744 _____ () C:\Users\PFerrari\AppData\Roaming\Dropbox\bin\plugins\platforms\qwindows.dll
    2014-10-21 19:22 - 2014-10-21 19:22 - 00200704 _____ () C:\Users\PFerrari\AppData\Roaming\Dropbox\bin\plugins\imageformats\qjpeg.dll
    2013-11-05 00:22 - 2013-01-14 15:25 - 01200088 _____ () C:\Program Files\Intel\Intel® Management Engine Components\UNS\ACE.dll
    2015-01-17 00:19 - 2015-01-08 19:35 - 01077064 _____ () C:\Program Files\Google\Chrome\Application\39.0.2171.99\libglesv2.dll
    2015-01-17 00:19 - 2015-01-08 19:35 - 00211272 _____ () C:\Program Files\Google\Chrome\Application\39.0.2171.99\libegl.dll
    2015-01-17 00:19 - 2015-01-08 19:35 - 09009480 _____ () C:\Program Files\Google\Chrome\Application\39.0.2171.99\pdf.dll
    2015-01-17 00:19 - 2015-01-08 19:35 - 01677128 _____ () C:\Program Files\Google\Chrome\Application\39.0.2171.99\ffmpegsumo.dll
    2013-12-10 14:59 - 1999-11-12 05:11 - 00589312 _____ () C:\Program Files\Common Files\Borland Shared\BDE\IDAPI32.DLL
    2013-12-10 14:59 - 2001-05-10 13:00 - 00116736 _____ () C:\Program Files\Common Files\Borland Shared\BDE\IDR20009.DLL
    2013-12-10 14:59 - 2001-05-10 13:00 - 00101376 _____ () C:\Program Files\Common Files\Borland Shared\BDE\BANTAM.DLL
    2013-12-10 14:59 - 2001-05-10 13:00 - 00436224 _____ () C:\Program Files\Common Files\Borland Shared\BDE\IDODBC32.DLL
    2013-12-10 14:59 - 2001-05-10 13:00 - 00464896 _____ () C:\Program Files\Common Files\Borland Shared\BDE\idsql32.DLL
    2013-12-10 14:59 - 2001-05-10 13:00 - 00255488 _____ () C:\Program Files\Common Files\Borland Shared\BDE\IDPDX32.DLL
    2014-11-13 14:23 - 2014-11-13 14:23 - 00316576 _____ () C:\Program Files\Microsoft Office 15\root\office15\AppVIsvStream32.dll
    2014-05-23 12:04 - 2014-05-23 12:04 - 00196264 _____ () C:\Program Files\Microsoft Office 15\root\office15\IEAWSDC.DLL
    2014-10-11 13:05 - 2014-10-11 13:05 - 00237352 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxslt.dll
     
    ==================== Alternate Data Streams (whitelisted) =========
     
    (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
     
     
    ==================== Safe Mode (whitelisted) ===================
     
    (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
     
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys => ""="Driver"
     
    ==================== EXE Association (whitelisted) =============
     
    (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
     
     
    ==================== MSCONFIG/TASK MANAGER disabled items =========
     
    (Currently there is no automatic fix for this section.)
     
    MSCONFIG\Services: DSClientService => 2
    MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^docSTAR 3.10.lnk => C:\Windows\pss\docSTAR 3.10.lnk.CommonStartup
    MSCONFIG\startupfolder: C:^Users^PFerrari^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk => C:\Windows\pss\Dropbox.lnk.Startup
    MSCONFIG\startupreg: Google Update => "C:\Users\PFerrari\AppData\Local\Google\Update\GoogleUpdate.exe" /c
    MSCONFIG\startupreg: iCloudServices => C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe
    MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"
    MSCONFIG\startupreg: Skype => "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
     
    ========================= Accounts: ==========================
     
    Administrator (S-1-5-21-1524435-752145541-170011291-500 - Administrator - Disabled)
    ASPNET (S-1-5-21-1524435-752145541-170011291-1002 - Limited - Enabled)
    Directit (S-1-5-21-1524435-752145541-170011291-1000 - Administrator - Enabled) => C:\Users\Directit
    Guest (S-1-5-21-1524435-752145541-170011291-501 - Limited - Disabled)
     
    ==================== Faulty Device Manager Devices =============
     
     
    ==================== Event log errors: =========================
     
    Application errors:
    ==================
    Error: (01/19/2015 09:54:39 AM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
     
    Error: (01/17/2015 00:24:35 AM) (Source: SideBySide) (EventID: 33) (User: )
    Description: Activation context generation failed for "Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1".
    Dependent Assembly Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found.
    Please use sxstrace.exe for detailed diagnosis.
     
    Error: (01/15/2015 11:35:54 PM) (Source: SideBySide) (EventID: 33) (User: )
    Description: Activation context generation failed for "Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1".
    Dependent Assembly Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found.
    Please use sxstrace.exe for detailed diagnosis.
     
    Error: (01/14/2015 06:49:02 PM) (Source: SideBySide) (EventID: 33) (User: )
    Description: Activation context generation failed for "Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1".
    Dependent Assembly Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found.
    Please use sxstrace.exe for detailed diagnosis.
     
    Error: (01/14/2015 01:04:42 PM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
     
    Error: (01/12/2015 08:22:54 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: SuccessWare21.exe, version: 1.8.400.14, time stamp: 0x530a3c36
    Faulting module name: SuccessWare21.exe, version: 1.8.400.14, time stamp: 0x530a3c36
    Exception code: 0xc0000005
    Fault offset: 0x00004d28
    Faulting process id: 0x19c8
    Faulting application start time: 0xSuccessWare21.exe0
    Faulting application path: SuccessWare21.exe1
    Faulting module path: SuccessWare21.exe2
    Report Id: SuccessWare21.exe3
     
    Error: (01/12/2015 02:35:53 PM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
     
    Error: (01/09/2015 05:57:49 AM) (Source: DITSysAuditN) (EventID: 1) (User: NT AUTHORITY)
    Description: DITSysAudit: Unknown result from bluebox
     
    Error: (01/09/2015 01:46:50 AM) (Source: DITSysAuditN) (EventID: 1) (User: NT AUTHORITY)
    Description: DITSysAudit: Unknown result from bluebox
     
    Error: (01/07/2015 11:58:21 PM) (Source: SideBySide) (EventID: 33) (User: )
    Description: Activation context generation failed for "Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1".
    Dependent Assembly Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found.
    Please use sxstrace.exe for detailed diagnosis.
     
     
    System errors:
    =============
    Error: (01/14/2015 06:17:22 PM) (Source: UmrdpService) (EventID: 1111) (User: )
    Description: Driver EPSON XP-410 Series required for printer EPSONA80198 (XP-410 Series) is unknown. Contact the administrator to install the driver before you log in again.
     
    Error: (01/14/2015 06:17:21 PM) (Source: UmrdpService) (EventID: 1111) (User: )
    Description: Driver EPSON XP-400 Series required for printer EPSONC3603A (XP-400 Series) is unknown. Contact the administrator to install the driver before you log in again.
     
    Error: (01/14/2015 06:17:20 PM) (Source: UmrdpService) (EventID: 1111) (User: )
    Description: Driver Microsoft XPS Document Writer v4 required for printer Microsoft XPS Document Writer is unknown. Contact the administrator to install the driver before you log in again.
     
    Error: (01/14/2015 06:17:19 PM) (Source: UmrdpService) (EventID: 1111) (User: )
    Description: Driver EPSON XP-400 Series required for printer EPSON XP-400 Series is unknown. Contact the administrator to install the driver before you log in again.
     
    Error: (01/08/2015 10:23:27 AM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
    Description: The following fatal alert was generated: 70. The internal error state is 105.
     
    Error: (01/07/2015 00:06:24 PM) (Source: Service Control Manager) (EventID: 7043) (User: )
    Description: The Group Policy Client service did not shut down properly after receiving a preshutdown control.
     
    Error: (01/04/2015 11:11:26 PM) (Source: UmrdpService) (EventID: 1111) (User: )
    Description: Driver Nitro PDF Driver 8 required for printer Nitro PDF Creator (Pro 8) is unknown. Contact the administrator to install the driver before you log in again.
     
    Error: (01/04/2015 11:11:25 PM) (Source: UmrdpService) (EventID: 1111) (User: )
    Description: Driver Microsoft XPS Document Writer v4 required for printer Microsoft XPS Document Writer is unknown. Contact the administrator to install the driver before you log in again.
     
    Error: (01/04/2015 11:11:24 PM) (Source: UmrdpService) (EventID: 1111) (User: )
    Description: Driver EPSON XP-410 Series required for printer EPSONA80198 (XP-410 Series) is unknown. Contact the administrator to install the driver before you log in again.
     
    Error: (01/04/2015 11:11:23 PM) (Source: UmrdpService) (EventID: 1111) (User: )
    Description: Driver EPSON XP-400 Series required for printer EPSONC3603A (XP-400 Series) is unknown. Contact the administrator to install the driver before you log in again.
     
     
    Microsoft Office Sessions:
    =========================
    Error: (01/19/2015 09:54:39 AM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
     
    Error: (01/17/2015 00:24:35 AM) (Source: SideBySide) (EventID: 33) (User: )
    Description: Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"c:\Program Files\ATI\CIM\Bin\SetACL.exe
     
    Error: (01/15/2015 11:35:54 PM) (Source: SideBySide) (EventID: 33) (User: )
    Description: Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"c:\Program Files\ATI\CIM\Bin\SetACL.exe
     
    Error: (01/14/2015 06:49:02 PM) (Source: SideBySide) (EventID: 33) (User: )
    Description: Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"c:\Program Files\ATI\CIM\Bin\SetACL.exe
     
    Error: (01/14/2015 01:04:42 PM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
     
    Error: (01/12/2015 08:22:54 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: SuccessWare21.exe1.8.400.14530a3c36SuccessWare21.exe1.8.400.14530a3c36c000000500004d2819c801d02eb89b8c04edS:\SuccessWare21.exeS:\SuccessWare21.exeb270caed-9ac2-11e4-b4cc-c81f660fe6f7
     
    Error: (01/12/2015 02:35:53 PM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
     
    Error: (01/09/2015 05:57:49 AM) (Source: DITSysAuditN) (EventID: 1) (User: NT AUTHORITY)
    Description: DITSysAudit: Unknown result from bluebox
     
    Error: (01/09/2015 01:46:50 AM) (Source: DITSysAuditN) (EventID: 1) (User: NT AUTHORITY)
    Description: DITSysAudit: Unknown result from bluebox
     
    Error: (01/07/2015 11:58:21 PM) (Source: SideBySide) (EventID: 33) (User: )
    Description: Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"c:\Program Files\ATI\CIM\Bin\SetACL.exe
     
     
    CodeIntegrity Errors:
    ===================================
      Date: 2014-11-28 15:47:51.651
      Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.
     
      Date: 2014-11-09 22:37:50.163
      Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.
     
      Date: 2014-10-21 23:31:00.290
      Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.
     
      Date: 2014-10-21 23:22:35.401
      Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.
     
      Date: 2014-10-21 22:39:02.568
      Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.
     
      Date: 2014-10-15 01:40:34.070
      Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.
     
      Date: 2014-10-05 14:47:47.180
      Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.
     
      Date: 2014-10-05 14:28:25.155
      Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.
     
      Date: 2014-09-07 23:13:25.257
      Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.
     
      Date: 2014-09-07 22:56:04.683
      Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.
     
     
    ==================== Memory info =========================== 
     
    Processor: Intel® Core™ i3-3220 CPU @ 3.30GHz
    Percentage of memory in use: 63%
    Total physical RAM: 3570.08 MB
    Available physical RAM: 1304.46 MB
    Total Pagefile: 7138.45 MB
    Available Pagefile: 4158.41 MB
    Total Virtual: 2047.88 MB
    Available Virtual: 1904.91 MB
     
    ==================== Drives ================================
     
    Drive c: (OS) (Fixed) (Total:232.11 GB) (Free:90.83 GB) NTFS
    Drive h: (Data) (Network) (Total:1640.16 GB) (Free:992.92 GB) NTFS
    Drive p: (Data) (Network) (Total:1640.16 GB) (Free:992.92 GB) NTFS
    Drive s: (Data) (Network) (Total:1640.16 GB) (Free:992.92 GB) NTFS
     
    ==================== MBR & Partition Table ==================
     
    ========================================================
    Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 232.9 GB) (Disk ID: 80F4BE54)
    Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
    Partition 2: (Active) - (Size=750 MB) - (Type=07 NTFS)
    Partition 3: (Not Active) - (Size=232.1 GB) - (Type=07 NTFS)
     
    ==================== End Of Log ============================


    #8 pferrari


    Posted 19 January 2015 - 12:24 PM

    # AdwCleaner v4.108 - Report created 19/01/2015 at 11:39:41
    # Updated 17/01/2015 by Xplode
    # Database : 2015-01-18.1 [Live]
    # Operating System : Windows 7 Professional Service Pack 1 (32 bits)
    # Username : pFerrari - PFERRARI-W7
    # Running from : C:\Users\PFerrari\Desktop\AdwCleaner.exe
    # Option : Clean
     
    ***** [ Services ] *****
     
     
    ***** [ Files / Folders ] *****
     
    Folder Deleted : C:\Users\PFerrari\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk
    File Deleted : C:\Users\PFerrari\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_static.olark.com_0.localstorage-journal
     
    ***** [ Scheduled Tasks ] *****
     
     
    ***** [ Shortcuts ] *****
     
     
    ***** [ Registry ] *****
     
    Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6E993643-8FBC-44FE-BC85-D318495C4D96}
    Key Deleted : HKLM\SOFTWARE\Description
    Key Deleted : HKLM\SOFTWARE\FlvPlayer
     
    ***** [ Browsers ] *****
     
    -\\ Internet Explorer v11.0.9600.17496
     
     
    -\\ Google Chrome v39.0.2171.99
     
    [C:\Users\PFerrari\AppData\Local\Google\Chrome\User Data\Default\preferences] - Deleted [Extension] : mkfokfffehpeedafpekjeddnmnjhmcmk
     
    *************************
     
    AdwCleaner[R0].txt - [1392 octets] - [19/01/2015 11:37:34]
    AdwCleaner[S0].txt - [1327 octets] - [19/01/2015 11:39:41]
     
    ########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1387 octets] ##########
     
     
     
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Thisisu
    Version: 6.4.1 (12.28.2014:1)
    OS: Windows 7 Professional x86
    Ran by pFerrari on Mon 01/19/2015 at 11:58:16.65
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     
     
     
     
    ~~~ Services
     
     
     
    ~~~ Registry Values
     
     
     
    ~~~ Registry Keys
     
     
     
    ~~~ Files
     
     
     
    ~~~ Folders
     
     
     
    ~~~ Event Viewer Logs were cleared
     
     
     
     
     
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on Mon 01/19/2015 at 12:00:16.12
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     
    Malwarebytes Anti-Malware
    www.malwarebytes.org
     
    Scan Date: 1/19/2015
    Scan Time: 12:07:04 PM
    Logfile: 
    Administrator: Yes
     
    Version: 2.00.4.1028
    Malware Database: v2015.01.19.09
    Rootkit Database: v2015.01.14.01
    License: Premium
    Malware Protection: Enabled
    Malicious Website Protection: Enabled
    Self-protection: Disabled
     
    OS: Windows 7 Service Pack 1
    CPU: x86
    File System: NTFS
    User: pFerrari
     
    Scan Type: Threat Scan
    Result: Completed
    Objects Scanned: 408790
    Time Elapsed: 11 min, 55 sec
     
    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Disabled
    Heuristics: Enabled
    PUP: Enabled
    PUM: Enabled
     
    Processes: 0
    (No malicious items detected)
     
    Modules: 0
    (No malicious items detected)
     
    Registry Keys: 0
    (No malicious items detected)
     
    Registry Values: 0
    (No malicious items detected)
     
    Registry Data: 0
    (No malicious items detected)
     
    Folders: 0
    (No malicious items detected)
     
    Files: 0
    (No malicious items detected)
     
    Physical Sectors: 0
    (No malicious items detected)
     
     
    (end)


    #9 ken545


    Posted 19 January 2015 - 12:34 PM

    Now that the above programs removed some entries, go ahead and run a new scan with FRST, checkmark Additions, and post both new logs, please.



     

    Just a reminder that threads will be closed if no response in 3 days


    #10 pferrari


    Posted 19 January 2015 - 01:34 PM

    Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 19-01-2015
    Ran by pFerrari (administrator) on PFERRARI-W7 on 19-01-2015 13:28:39
    Running from C:\Users\PFerrari\Desktop
    Loaded Profiles: pFerrari (Available profiles: pFerrari & Administrator & Directit)
    Platform: Microsoft Windows 7 Professional  Service Pack 1 (X86) OS Language: English (United States)
    Internet Explorer Version 11 (Default browser: Chrome)
    Boot Mode: Normal
     
    ==================== Processes (Whitelisted) =================
     
    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
     
    (AMD) C:\Windows\System32\atiesrxx.exe
    (AMD) C:\Windows\System32\atieclxx.exe
    (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
    (Microsoft Corporation) C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
    (Microsoft Corporation) C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX86\officeclicktorun.exe
    () C:\Program Files\BlueBoxUSA\BlueBox\DitSSH\bin\cygrunsrv.exe
    (UltraVNC) C:\Program Files\BlueBoxUSA\BlueBox\UVNC\winvnc.exe
    () C:\Program Files\BlueBoxUSA\BlueBox\DitSSH\bin\bash.exe
    (ECi FMAudit) C:\Program Files\FMAuditOnsite\fmaonsite.exe
    () C:\Program Files\BlueBoxUSA\BlueBox\DitSSH\bin\sshd.exe
    (Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
    (Intel Corporation) C:\Program Files\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
    (LogMeIn, Inc.) C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
    (LogMeIn, Inc.) C:\Program Files\LogMeIn\x86\ramaint.exe
    (Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
    (Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
    (Symantec Corporation) C:\Program Files\Symantec.cloud\EndpointProtectionAgent\Engine\21.5.0.19\NIS.exe
    (Conexant Systems, Inc.) C:\Windows\System32\SASrv.exe
    (Symantec Corporation) C:\Program Files\Symantec.cloud\PlatformAgent\ccSvcHst.exe
    (Western Digital Technologies, Inc.) C:\Program Files\Western Digital\WD Drive Manager\WDDriveService.exe
    (Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
    (Direct IT Corp) C:\Program Files\BlueBoxUSA\BlueBox\DITSysAudit\DITSysAudit.exe
    (LogMeIn, Inc.) C:\Program Files\LogMeIn\x86\LogMeIn.exe
    (UltraVNC) C:\Program Files\BlueBoxUSA\BlueBox\UVNC\winvnc.exe
    (Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
    (Symantec Corporation) C:\Program Files\Symantec.cloud\AntiVirus\AVAgent.exe
    (Symantec Corporation) C:\Program Files\Symantec.cloud\AntiVirus\ssDVAgent.exe
    (Western Digital Technologies, Inc.) C:\Program Files\Western Digital\WD SmartWare\WDBackupEngine.exe
    (Symantec Corporation) C:\Program Files\Symantec.cloud\EndpointProtectionAgent\Engine\21.5.0.19\NIS.exe
    (Intel Corporation) C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe
    (Intel Corporation) C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe
    (Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
    (Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent.exe
    (Logitech Inc.) C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe
    (Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    (LogMeIn, Inc.) C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
    (Western Digital Technologies, Inc.) C:\Program Files\Western Digital\WD Security\WDDriveAutoUnlock.exe
    (Conexant Systems, Inc) C:\Program Files\CONEXANT\SAII\SmartAudio.exe
    (Western Digital Technologies, Inc.) C:\Program Files\Western Digital\WD Quick View\WDDMStatus.exe
    () C:\Program Files\Logitech\LWS\Webcam Software\CameraHelperShell.exe
    (Symantec Corporation) C:\Program Files\Symantec.cloud\PlatformAgent\PAUI.exe
    (ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    (Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
    (Dropbox, Inc.) C:\Users\PFerrari\AppData\Roaming\Dropbox\bin\Dropbox.exe
    (Symantec Corporation) C:\Program Files\Symantec.cloud\EndpointProtectionAgent\Engine\21.5.0.19\NIS.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
    (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
    (Apple Inc.) C:\Program Files\iTunes\iTunes.exe
    (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
    (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe
    (Apple Inc.) C:\Program Files\Common Files\Apple\Apple Application Support\distnoted.exe
    (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
    (Google) C:\Users\PFerrari\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
    (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
     
     
    ==================== Registry (Whitelisted) ==================
     
    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
     
    HKLM\...\Run: [StartCCC] => c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [343168 2011-12-07] (Advanced Micro Devices, Inc.)
    HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent.exe [520320 2011-12-15] (Conexant Systems, Inc.)
    HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SAIICpl.exe [310912 2011-06-24] (Conexant Systems, Inc.)
    HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2014-10-11] (Apple Inc.)
    HKLM\...\Run: [LWS] => C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe [204136 2012-09-13] (Logitech Inc.)
    HKLM\...\Run: [LogMeIn GUI] => C:\Program Files\LogMeIn\x86\LogMeInSystray.exe [63048 2013-04-30] (LogMeIn, Inc.)
    HKLM\...\Run: [WD Drive Unlocker] => C:\Program Files\Western Digital\WD Security\WDDriveAutoUnlock.exe [1694080 2013-07-10] (Western Digital Technologies, Inc.)
    HKLM\...\Run: [WD Quick View] => C:\Program Files\Western Digital\WD Quick View\WDDMStatus.exe [5545328 2014-02-28] (Western Digital Technologies, Inc.)
    HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
    HKLM\...\Run: [SymantecPaui] => C:\Program Files\Symantec.cloud\PlatformAgent\PAUI.exe [2776480 2014-07-16] (Symantec Corporation)
    HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle Corporation)
    Startup: C:\Users\PFerrari\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
    ShortcutTarget: Dropbox.lnk -> C:\Users\PFerrari\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
     
    ==================== Internet (Whitelisted) ====================
     
    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
     
    HKU\S-1-5-21-1522985023-1944121316-2484613009-1163\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://dell13.msn.com/?pc=DCJB
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://dell13.msn.com/?pc=DCJB
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
    HKU\S-1-5-21-1522985023-1944121316-2484613009-1163\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
    SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
    SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
    SearchScopes: HKU\S-1-5-21-1522985023-1944121316-2484613009-1163 -> {938931C2-EBF8-4CF1-9BD3-6CA597AF16F8} URL = 
    BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files\Symantec.cloud\EndpointProtectionAgent\Engine\21.5.0.19\coIEPlg.dll (Symantec Corporation)
    BHO: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files\Symantec.cloud\EndpointProtectionAgent\Engine\21.5.0.19\IPS\IPSBHO.DLL (Symantec Corporation)
    BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
    BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
    BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
    BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation)
    BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Symantec.cloud\EndpointProtectionAgent\Engine\21.5.0.19\coIEPlg.dll (Symantec Corporation)
    Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
    Winsock: Catalog5 09 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
    Tcpip\Parameters: [DhcpNameServer] 192.168.254.10
     
    FireFox:
    ========
    FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
    FF Plugin: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.66 -> C:\Program Files\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
    FF Plugin: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
    FF Plugin: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
    FF Plugin: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF Plugin: @microsoft.com/GENUINE -> disabled No File
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.31211.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
    FF Plugin: @microsoft.com/WLPG,version=16.4.3522.0110 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF Plugin HKU\S-1-5-21-1522985023-1944121316-2484613009-1163: @citrixonline.com/appdetectorplugin -> C:\Users\PFerrari\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
    FF Plugin HKU\S-1-5-21-1522985023-1944121316-2484613009-1163: @talk.google.com/GoogleTalkPlugin -> C:\Users\PFerrari\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
    FF Plugin HKU\S-1-5-21-1522985023-1944121316-2484613009-1163: @talk.google.com/O1DPlugin -> C:\Users\PFerrari\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
    FF Plugin HKU\S-1-5-21-1522985023-1944121316-2484613009-1163: @tools.google.com/Google Update;version=3 -> C:\Users\PFerrari\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin HKU\S-1-5-21-1522985023-1944121316-2484613009-1163: @tools.google.com/Google Update;version=9 -> C:\Users\PFerrari\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Users\PFerrari\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)
    FF Plugin ProgramFiles/Appdata: C:\Users\PFerrari\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)
    FF HKLM\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.5.0.19\coFFPlgn
    FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.5.0.19\coFFPlgn [2015-01-19]
     
    Chrome: 
    =======
    CHR Profile: C:\Users\PFerrari\AppData\Local\Google\Chrome\User Data\Default
    CHR Extension: (Google Docs) - C:\Users\PFerrari\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-12-11]
    CHR Extension: (Google Drive) - C:\Users\PFerrari\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-12-11]
    CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\PFerrari\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-23]
    CHR Extension: (YouTube) - C:\Users\PFerrari\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-12-11]
    CHR Extension: (Google Search) - C:\Users\PFerrari\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-12-11]
    CHR Extension: (Norton Identity Safe) - C:\Users\PFerrari\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif [2014-10-07]
    CHR Extension: (Skype Click to Call) - C:\Users\PFerrari\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2013-12-24]
    CHR Extension: (Hangouts) - C:\Users\PFerrari\AppData\Local\Google\Chrome\User Data\Default\Extensions\nckgahadagoaajjgafhacjanaoiihapd [2013-12-19]
    CHR Extension: (Google Wallet) - C:\Users\PFerrari\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-12-11]
    CHR Extension: (Gmail) - C:\Users\PFerrari\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-12-11]
    CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - No Path
    CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-14]
     
    ========================== Services (Whitelisted) =================
     
    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
     
    R2 c2cautoupdatesvc; C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
    R2 c2cpnrsvc; C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
    R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX86\OfficeClickToRun.exe [1679536 2014-11-11] (Microsoft Corporation)
    R2 DITsshd; C:\Program Files\BlueBoxUSA\BlueBox\DitSSH\bin\cygrunsrv.exe [68096 2013-05-24] () [File not signed]
    R2 DITSysAudit; C:\Program Files\BlueBoxUSA\BlueBox\DITSysAudit\DITSysAudit.exe [671744 2013-05-24] (Direct IT Corp) [File not signed]
    R2 ditvnc; C:\Program Files\BlueBoxUSA\BlueBox\UVNC\winvnc.exe [2016504 2013-05-24] (UltraVNC)
    S4 DSClientService; C:\DOCSTAR\DSClientService.exe [11264 2009-09-03] () [File not signed]
    R2 FMAuditOnsite; C:\Program Files\FMAuditOnsite\fmaonsite.exe [65024 2014-11-13] (ECi FMAudit) [File not signed]
    R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [583680 2012-12-10] (Intel® Corporation) [File not signed]
    S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [627744 2012-12-10] (Intel® Corporation)
    R2 jhi_service; C:\Program Files\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [165336 2013-01-14] (Intel Corporation)
    R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
    R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
    R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [45568 2013-05-16] (Hewlett-Packard) [File not signed]
    R2 NIS; C:\Program Files\Symantec.cloud\EndpointProtectionAgent\Engine\21.5.0.19\NIS.exe [276376 2014-08-22] (Symantec Corporation)
    R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [55808 2013-05-16] (Hewlett-Packard) [File not signed]
    R2 SAService; C:\Windows\system32\SAsrv.exe [446592 2010-11-19] (Conexant Systems, Inc.)
    R2 SsPaAdm; C:\Program Files\Symantec.cloud\PlatformAgent\ccSvcHst.exe [138272 2013-08-09] (Symantec Corporation)
    R2 ssSpnAv; C:\Program Files\Symantec.cloud\AntiVirus\AVAgent.exe [418720 2014-10-14] (Symantec Corporation)
    R2 WDBackup; C:\Program Files\Western Digital\WD SmartWare\WDBackupEngine.exe [1042808 2014-02-28] (Western Digital Technologies, Inc.)
    R2 WDDriveService; C:\Program Files\Western Digital\WD Drive Manager\WDDriveService.exe [271728 2014-02-28] (Western Digital Technologies, Inc.)
    S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-11-05] (Microsoft Corporation)
     
    ==================== Drivers (Whitelisted) ====================
     
    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
     
    R1 BHDrvx86; C:\Program Files\Symantec.cloud\EndpointProtectionAgent\NortonData\21.5.0.19\Definitions\BASHDefs\20150106.001\BHDrvx86.sys [1164504 2015-01-06] (Symantec Corporation)
    R1 ccSet_Cloud; C:\Windows\system32\Drivers\Symantec.cloud\ccSetx86.sys [132768 2013-08-09] (Symantec Corporation)
    R1 ccSet_NIS; C:\Windows\system32\drivers\NIS\1505000.013\ccSetx86.sys [127064 2014-02-20] (Symantec Corporation)
    R1 eeCtrl; C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [378672 2014-12-11] (Symantec Corporation)
    R3 EraserUtilRebootDrv; C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [111408 2014-12-11] (Symantec Corporation)
    R1 IDSVix86; C:\Program Files\Symantec.cloud\EndpointProtectionAgent\NortonData\21.5.0.19\Definitions\IPSDefs\20150116.001\IDSvix86.sys [503000 2015-01-08] (Symantec Corporation)
    R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2014-11-21] (Malwarebytes Corporation)
    R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [114904 2015-01-19] (Malwarebytes Corporation)
    R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2014-11-21] (Malwarebytes Corporation)
    R3 MEI; C:\Windows\System32\DRIVERS\HECI.sys [55104 2012-07-13] (Intel Corporation)
    R3 NAVENG; C:\Program Files\Symantec.cloud\EndpointProtectionAgent\NortonData\21.5.0.19\Definitions\VirusDefs\20150118.025\NAVENG.SYS [95704 2014-10-06] (Symantec Corporation)
    R3 NAVEX15; C:\Program Files\Symantec.cloud\EndpointProtectionAgent\NortonData\21.5.0.19\Definitions\VirusDefs\20150118.025\NAVEX15.SYS [1636696 2014-10-06] (Symantec Corporation)
    S3 netvsc; C:\Windows\System32\DRIVERS\netvsc60.sys [126464 2010-11-20] (Microsoft Corporation)
    S3 NuidFltr; C:\Windows\System32\DRIVERS\NuidFltr.sys [25712 2013-05-13] (Microsoft Corporation)
    R3 SRTSP; C:\Windows\System32\Drivers\NIS\1505000.013\SRTSP.SYS [664280 2014-07-22] (Symantec Corporation)
    R1 SRTSPX; C:\Windows\system32\drivers\NIS\1505000.013\SRTSPX.SYS [32344 2014-07-22] (Symantec Corporation)
    R0 SymDS; C:\Windows\System32\drivers\NIS\1505000.013\SYMDS.SYS [367704 2014-07-23] (Symantec Corporation)
    R0 SymEFA; C:\Windows\System32\drivers\NIS\1505000.013\SYMEFA.SYS [936152 2014-07-23] (Symantec Corporation)
    R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT.SYS [142936 2014-10-06] (Symantec Corporation)
    R1 SymIRON; C:\Windows\system32\drivers\NIS\1505000.013\Ironx86.SYS [206936 2014-07-22] (Symantec Corporation)
    R1 SymNetS; C:\Windows\System32\Drivers\NIS\1505000.013\SYMNETS.SYS [447704 2014-07-23] (Symantec Corporation)
    S3 SynthVid; C:\Windows\System32\DRIVERS\VMBusVideoM.sys [19456 2010-11-20] (Microsoft Corporation)
    R3 vpcbus; C:\Windows\System32\DRIVERS\vpchbus.sys [172416 2013-11-05] (Microsoft Corporation)
    R1 vpcnfltr; C:\Windows\System32\DRIVERS\vpcnfltr.sys [48128 2013-11-05] (Microsoft Corporation)
    R3 vpcusb; C:\Windows\System32\DRIVERS\vpcusb.sys [78336 2013-11-05] (Microsoft Corporation)
    R1 vpcvmm; C:\Windows\System32\drivers\vpcvmm.sys [296192 2013-11-05] (Microsoft Corporation)
    S3 catchme; \??\C:\Users\PFerrari\AppData\Local\Temp\catchme.sys [X]
    S4 LMIRfsClientNP; No ImagePath
     
    ==================== NetSvcs (Whitelisted) ===================
     
     
    (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
     
     
    ==================== One Month Created Files and Folders ========
     
    (If an entry is included in the fixlist, the file\folder will be moved.)
     
    2015-01-19 12:00 - 2015-01-19 12:00 - 00000636 _____ () C:\Users\PFerrari\Desktop\JRT.txt
    2015-01-19 11:37 - 2015-01-19 11:39 - 00000000 ____D () C:\AdwCleaner
    2015-01-19 11:34 - 2015-01-19 11:34 - 00000000 ____D () C:\Windows\ERUNT
    2015-01-19 11:32 - 2015-01-19 11:32 - 01707939 _____ (Thisisu) C:\Users\PFerrari\Desktop\JRT.exe
    2015-01-19 11:29 - 2015-01-19 11:29 - 02186752 _____ () C:\Users\PFerrari\Desktop\AdwCleaner.exe
    2015-01-19 11:28 - 2015-01-19 11:28 - 00040568 _____ () C:\Users\PFerrari\Desktop\Addition.txt
    2015-01-19 11:27 - 2015-01-19 13:29 - 00022403 _____ () C:\Users\PFerrari\Desktop\FRST.txt
    2015-01-19 10:05 - 2015-01-19 10:06 - 00039610 _____ () C:\Users\PFerrari\Downloads\Addition.txt
    2015-01-19 10:04 - 2015-01-19 13:28 - 00000000 ____D () C:\FRST
    2015-01-19 10:04 - 2015-01-19 10:06 - 00031977 _____ () C:\Users\PFerrari\Downloads\FRST.txt
    2015-01-19 10:03 - 2015-01-19 10:03 - 01118208 _____ (Farbar) C:\Users\PFerrari\Desktop\FRST.exe
    2015-01-14 14:51 - 2015-01-14 14:51 - 00015010 _____ () C:\Users\PFerrari\Downloads\benefits_billing (19).csv
    2015-01-14 14:42 - 2015-01-14 14:42 - 00016326 _____ () C:\Users\PFerrari\Downloads\combo_bill (24).csv
    2015-01-14 12:47 - 2015-01-14 12:47 - 00003357 _____ () C:\Users\PFerrari\Desktop\aswMBR.txt
    2015-01-14 12:47 - 2015-01-14 12:47 - 00000512 _____ () C:\Users\PFerrari\Desktop\MBR.dat
    2015-01-14 12:24 - 2015-01-14 12:25 - 05198336 _____ (AVAST Software) C:\Users\PFerrari\Downloads\aswMBR.exe
    2015-01-14 04:00 - 2014-12-18 21:43 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
    2015-01-14 04:00 - 2014-12-18 20:34 - 00116224 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
    2015-01-14 04:00 - 2014-12-12 00:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
    2015-01-14 04:00 - 2014-12-12 00:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
    2015-01-14 04:00 - 2014-12-11 12:47 - 00074240 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
    2015-01-14 04:00 - 2014-12-05 22:50 - 00242688 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
    2015-01-13 19:46 - 2015-01-13 19:46 - 00000691 _____ () C:\Users\PFerrari\Downloads\Export (57).csv
    2015-01-13 19:45 - 2015-01-13 19:45 - 00007869 _____ () C:\Users\PFerrari\Downloads\Export (56).csv
    2015-01-13 12:12 - 2015-01-13 12:12 - 00016283 _____ () C:\Users\PFerrari\Downloads\benefits_billing (18).csv
    2015-01-12 13:54 - 2015-01-12 13:57 - 00019752 _____ () C:\Users\PFerrari\Desktop\dds.txt
    2015-01-12 13:54 - 2015-01-12 13:57 - 00004943 _____ () C:\Users\PFerrari\Desktop\attach.txt
    2015-01-12 13:52 - 2015-01-12 13:52 - 00688992 ____R (Swearware) C:\Users\PFerrari\Downloads\dds.com
    2015-01-07 12:01 - 2015-01-07 12:01 - 08122368 _____ () C:\Users\PFerrari\Downloads\LogMeInIgnition (1).msi
    2015-01-06 13:07 - 2015-01-06 13:07 - 00051712 _____ () C:\Users\PFerrari\Downloads\One-Truck Breakeven Exercise.xls
    2015-01-05 16:12 - 2015-01-05 16:12 - 00016655 _____ () C:\Users\PFerrari\Downloads\combo_bill (23).csv
    2015-01-05 16:11 - 2015-01-05 16:11 - 00008851 _____ () C:\Users\PFerrari\Downloads\combo_bill (22).csv
    2014-12-29 13:38 - 2014-12-29 13:38 - 00014179 _____ () C:\Users\PFerrari\Downloads\Export (55).CSV
    2014-12-29 13:33 - 2014-12-29 13:33 - 00003939 _____ () C:\Users\PFerrari\Downloads\Export (54).CSV
    2014-12-29 13:32 - 2014-12-29 13:32 - 00008567 _____ () C:\Users\PFerrari\Downloads\Export (53).CSV
    2014-12-29 13:32 - 2014-12-29 13:32 - 00008567 _____ () C:\Users\PFerrari\Downloads\Export (52).CSV
    2014-12-23 14:00 - 2014-12-23 14:00 - 00035840 _____ () C:\Users\PFerrari\Downloads\Daily Receipts and Recv Report (4).xls
    2014-12-23 14:00 - 2014-12-23 14:00 - 00034816 _____ () C:\Users\PFerrari\Downloads\Form of Payment Template (2).xls
     
    ==================== One Month Modified Files and Folders =======
     
    (If an entry is included in the fixlist, the file\folder will be moved.)
     
    2015-01-19 13:28 - 2014-03-17 10:37 - 00000000 ____D () C:\ProgramData\Symantec.cloud
    2015-01-19 13:16 - 2013-12-11 13:33 - 00000886 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2015-01-19 13:15 - 2013-12-19 18:28 - 00000920 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1522985023-1944121316-2484613009-1163UA.job
    2015-01-19 13:15 - 2013-11-05 00:18 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
    2015-01-19 13:10 - 2013-11-05 02:15 - 01794539 _____ () C:\Windows\WindowsUpdate.log
    2015-01-19 12:56 - 2014-08-01 09:03 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
    2015-01-19 11:54 - 2014-09-11 13:42 - 00000000 ___RD () C:\Users\PFerrari\Dropbox
    2015-01-19 11:54 - 2014-09-11 13:37 - 00000000 ____D () C:\Users\PFerrari\AppData\Roaming\Dropbox
    2015-01-19 11:54 - 2013-12-11 13:33 - 00000882 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2015-01-19 11:54 - 2013-12-10 16:58 - 00001415 _____ () C:\Users\PFerrari\logonscript.log
    2015-01-19 11:54 - 2013-12-10 14:45 - 00000120 _____ () C:\Windows\system32\config\netlogon.ftl
    2015-01-19 11:48 - 2009-07-13 23:34 - 00021312 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2015-01-19 11:48 - 2009-07-13 23:34 - 00021312 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2015-01-19 11:41 - 2014-09-29 10:21 - 00008192 _____ () C:\Windows\system32\WDPABKP.dat
    2015-01-19 11:41 - 2014-01-27 20:15 - 00000976 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Client.lnk
    2015-01-19 11:41 - 2014-01-27 20:15 - 00000960 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Control Panel.lnk
    2015-01-19 11:40 - 2010-11-20 16:48 - 00626042 _____ () C:\Windows\PFRO.log
    2015-01-19 11:40 - 2009-07-13 23:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
    2015-01-19 11:40 - 2009-07-13 23:39 - 00047449 _____ () C:\Windows\setupact.log
    2015-01-19 09:52 - 2013-12-11 20:11 - 00000000 ____D () C:\ProgramData\LogMeIn
    2015-01-19 09:44 - 2013-12-24 09:44 - 00000000 ____D () C:\Windows\system32\MRT
    2015-01-19 09:35 - 2013-12-24 09:44 - 110348472 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
    2015-01-19 06:15 - 2013-12-19 18:28 - 00000868 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1522985023-1944121316-2484613009-1163Core.job
    2015-01-19 02:56 - 2014-05-07 15:26 - 00000000 ____D () C:\Program Files\FMAuditOnsite
    2015-01-16 12:13 - 2013-12-10 17:02 - 00000000 ____D () C:\Users\PFerrari\Documents\Outlook Files
    2015-01-15 13:43 - 2013-12-11 20:13 - 00000000 ____D () C:\Program Files\LogMeIn
    2015-01-15 13:42 - 2013-12-11 20:14 - 00086912 _____ (LogMeIn, Inc.) C:\Windows\system32\LMIRfsClientNP.dll
    2015-01-15 13:42 - 2013-12-11 20:14 - 00031592 _____ (LogMeIn, Inc.) C:\Windows\system32\LMIport.dll
    2015-01-15 13:42 - 2013-12-11 20:13 - 00085864 _____ (LogMeIn, Inc.) C:\Windows\system32\LMIinit.dll
    2015-01-14 18:18 - 2009-07-13 23:52 - 00000000 ____D () C:\Windows\system32\FxsTmp
    2015-01-14 12:53 - 2014-08-01 09:03 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
    2015-01-14 02:15 - 2013-11-05 00:18 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
    2015-01-14 02:15 - 2013-11-05 00:18 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
    2015-01-12 20:22 - 2014-06-06 16:12 - 00000000 ____D () C:\Users\PFerrari\AppData\Local\CrashDumps
    2015-01-12 14:33 - 2009-07-13 21:37 - 00000000 ____D () C:\Windows\IME
    2015-01-09 17:14 - 2010-11-20 16:01 - 00818476 _____ () C:\Windows\system32\PerfStringBackup.INI
    2014-12-23 10:07 - 2009-07-13 21:37 - 00000000 ____D () C:\Windows\Microsoft.NET
    2014-12-23 09:42 - 2013-12-10 15:36 - 00000000 ____D () C:\Program Files\Microsoft Office 15
    2014-12-23 03:21 - 2013-12-24 09:54 - 00000000 ____D () C:\Program Files\Microsoft Mouse and Keyboard Center
    2014-12-22 10:51 - 2013-12-24 09:49 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
    2014-12-20 11:49 - 2014-06-09 16:30 - 00000000 ____D () C:\Virus Removal
     
    ==================== Files in the root of some directories =======
    2014-01-11 13:41 - 2014-07-09 09:56 - 0003495 _____ () C:\Program Files\CHANGES.txt
    2013-03-06 14:33 - 2014-07-09 09:56 - 0035821 _____ () C:\Program Files\COPYING.txt
    2014-01-08 16:55 - 2014-07-09 09:56 - 0069632 _____ (GNE) C:\Program Files\DisMon.exe
    2014-01-08 16:56 - 2014-07-09 09:56 - 0189440 _____ (GNE) C:\Program Files\DualLauncher.exe
    2014-01-08 16:56 - 2014-07-09 09:56 - 0087040 _____ (GNE) C:\Program Files\DualSnap.exe
    2014-01-10 14:09 - 2014-07-09 09:56 - 0080896 _____ (GNE) C:\Program Files\DualWallpaper.exe
    2014-01-11 13:59 - 2014-07-09 09:56 - 0004397 _____ () C:\Program Files\README.txt
    2014-01-08 16:48 - 2014-07-09 09:56 - 0166912 _____ (GNE) C:\Program Files\SwapScreen.exe
    2013-03-06 14:33 - 2014-07-09 09:56 - 0000291 _____ () C:\Program Files\THANKS.txt
    2014-02-26 19:23 - 2014-02-26 19:23 - 0007605 _____ () C:\Users\PFerrari\AppData\Local\Resmon.ResmonCfg
    2014-01-21 10:41 - 2014-12-02 11:28 - 0000021 _____ () C:\ProgramData\IpAndPort.fig
    2014-01-21 10:41 - 2014-12-02 11:28 - 0000229 _____ () C:\ProgramData\RmUserCfg.ini
     
    Some content of TEMP:
    ====================
    C:\Users\PFerrari\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpxhspbi.dll
    C:\Users\PFerrari\AppData\Local\Temp\Quarantine.exe
    C:\Users\PFerrari\AppData\Local\Temp\sqlite3.dll
     
     
    ==================== Bamital & volsnap Check =================
     
    (There is no automatic fix for files that do not pass verification.)
     
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\system32\winlogon.exe => File is digitally signed
    C:\Windows\system32\wininit.exe => File is digitally signed
    C:\Windows\system32\svchost.exe => File is digitally signed
    C:\Windows\system32\services.exe => File is digitally signed
    C:\Windows\system32\User32.dll => File is digitally signed
    C:\Windows\system32\userinit.exe => File is digitally signed
    C:\Windows\system32\rpcss.dll => File is digitally signed
    C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
     
     
    LastRegBack: 2015-01-14 18:47
     
    ==================== End Of Log ============================
    Additional scan result of Farbar Recovery Scan Tool (x86) Version: 19-01-2015
    Ran by pFerrari at 2015-01-19 13:29:18
    Running from C:\Users\PFerrari\Desktop
    Boot Mode: Normal
    ==========================================================
     
     
    ==================== Security Center ========================
     
    (If an entry is included in the fixlist, it will be removed.)
     
    AV: Symantec Endpoint Protection.cloud (Disabled - Up to date) {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}
    AS: Symantec Endpoint Protection.cloud (Enabled - Up to date) {631E4324-D31C-783F-EC5C-35AD42B18466}
    AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    FW: Symantec Endpoint Protection.cloud (Disabled) {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0}
     
    ==================== Installed Programs ======================
     
    (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
     
    32 Bit HP CIO Components Installer (Version: 15.1.1 - Hewlett-Packard) Hidden
    Adobe Flash Player 16 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 16.0.0.257 - Adobe Systems Incorporated)
    Adobe Reader XI (11.0.10) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
    AMD Catalyst Install Manager (HKLM\...\{ABD675FF-147C-689A-50B9-6DC57DE4044F}) (Version: 3.0.855.0 - Advanced Micro Devices, Inc.)
    Apple Application Support (HKLM\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
    Apple Mobile Device Support (HKLM\...\{235EBB33-3DA1-46DF-AADE-9955123409CB}) (Version: 8.0.5.6 - Apple Inc.)
    Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
    BlueClient 2.5 (HKLM\...\{20B590D0-66BB-464A-9B3B-2C7D1DEEA591}_is1) (Version:  - )
    Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
    CameraHelperMsi (Version: 13.51.815.0 - Logitech) Hidden
    Citrix Online Launcher (HKLM\...\{B025BA0B-64A6-46DE-9D64-32965C83CCA9}) (Version: 1.0.179 - Citrix)
    Conexant Audio Filter Agent (HKLM\...\cAudioFilterAgent) (Version: 1.7.36.0 - Conexant Systems)
    Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.50.5.51 - Conexant)
    Conexant SmartAudio (HKLM\...\SAII) (Version: 6.0.109.0 - Conexant Systems)
    D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
    Dell Client System Update (HKLM\...\{04566294-A6B6-4462-9721-031073EB3694}) (Version: 1.3.0 - Dell Inc.)
    Dell Edoc Viewer (HKLM\...\{3138EAD3-700B-4A10-B617-B3F8096EE30D}) (Version: 1.0.0 - Dell Inc)
    docSTAR 3.10 (HKLM\...\docSTAR 3.10) (Version:  - Astria Solutions Group, LLC)
    Dropbox (HKU\S-1-5-21-1522985023-1944121316-2484613009-1163\...\Dropbox) (Version: 3.0.3 - Dropbox, Inc.)
    Endpoint Protection.cloud (Version: 21.5.0.19 - Symantec Corporation) Hidden
    erLT (Version: 1.20.138.34 - Logitech, Inc.) Hidden
    FMAudit Onsite (HKLM\...\FMAudit Onsite3.0.6.63728) (Version: 3.0.6.63728 - FMAudit (ECi))
    Google Chrome (HKLM\...\Google Chrome) (Version: 39.0.2171.99 - Google Inc.)
    Google Talk Plugin (HKLM\...\{24DA8058-C0E5-351B-8B55-F6DC5A2B22EF}) (Version: 5.38.7.0 - Google)
    Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
    iBackupBot 5.1.0.3 (HKLM\...\iBackupBot) (Version: 5.1.0.3 - VOWSoft, Ltd.)
    iCloud (HKLM\...\{AC6EE263-E4DD-4150-9014-689B1D4A3315}) (Version: 4.0.5.20 - Apple Inc.)
    Intel® Management Engine Components (HKLM\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.30.1349 - Intel Corporation)
    iTunes (HKLM\...\{5D928931-D1D2-4A93-A82D-BF60D0E7CFA5}) (Version: 12.0.1.26 - Apple Inc.)
    Java 7 Update 71 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F03217071FF}) (Version: 7.0.710 - Oracle)
    join.me (HKU\S-1-5-21-1522985023-1944121316-2484613009-1163\...\JoinMe) (Version: 1.17.0.131 - LogMeIn, Inc.)
    Junk Mail filter update (Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
    Logitech Webcam Software (HKLM\...\{D40EB009-0499-459c-A8AF-C9C110766215}) (Version: 2.51 - Logitech Inc.)
    LogMeIn (HKLM\...\{53E10F4E-B361-45D7-8DBD-A6BF073236F0}) (Version: 4.1.3430 - LogMeIn, Inc.)
    Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
    Microsoft .NET Framework 1.1 (HKLM\...\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}) (Version: 1.1.4322 - Microsoft)
    Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
    Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.2.173.0 - Microsoft Corporation)
    Microsoft Office Home and Business 2013 - en-us (HKLM\...\HomeBusinessRetail - en-us) (Version: 15.0.4675.1003 - Microsoft Corporation)
    Microsoft OneDrive (HKU\S-1-5-21-1522985023-1944121316-2484613009-1163\...\OneDriveSetup.exe) (Version: 17.3.1229.0918 - Microsoft Corporation)
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.31211.0 - Microsoft Corporation)
    Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
    Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Movie Maker (Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
    Office 15 Click-to-Run Extensibility Component (Version: 15.0.4675.1003 - Microsoft Corporation) Hidden
    Office 15 Click-to-Run Licensing Component (Version: 15.0.4675.1003 - Microsoft Corporation) Hidden
    Office 15 Click-to-Run Localization Component (Version: 15.0.4675.1003 - Microsoft Corporation) Hidden
    QuickTime 7 (HKLM\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
    Realtek Ethernet Controller All-In-One Windows Driver (HKLM\...\{F7E7F0CB-AA41-4D5A-B6F2-8E6738EB063F}) (Version: 1.12.0019 - Realtek)
    Shared C Run-time for x86 (Version: 10.0.0 - McAfee) Hidden
    Skype Click to Call (HKLM\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation)
    Skype™ 6.14 (HKLM\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.14.104 - Skype Technologies S.A.)
    SuccessWare 21 (HKLM\...\{0C1F1120-A5A0-11D4-A9C5-00B0D045AC06}) (Version:  - )
    Symantec.cloud - Cloud Agent (Version: 2.03.60.2571 - Symantec Corporation) Hidden
    Symantec.cloud - Endpoint Protection (Version: 4.40.10.670 - Symantec Corporation) Hidden
    Symantec.cloud (HKLM\...\Symantec Hosted Services ARP) (Version:  - Symantec Corporation)
    WD Drive Utilities (HKLM\...\{F9784E1D-4455-4BFF-A97A-1B1355A4FFDB}) (Version: 1.0.6.3 - Western Digital Technologies, Inc.)
    WD Quick View (HKLM\...\{63911503-7EA4-4685-B2FD-D391EF622FB9}) (Version: 2.3.0.20 - Western Digital Technologies, Inc.)
    WD Security (HKLM\...\{2B58AB2C-D980-47FD-8633-E360314BA662}) (Version: 1.0.6.3 - Western Digital Technologies, Inc.)
    WD SmartWare (HKLM\...\{8DC2DD9D-7687-4108-83D6-ACE73ABF2D69}) (Version: 2.3.0.20 - Western Digital Technologies, Inc.)
    WD SmartWare Installer (HKLM\...\{1ec9e03a-452b-48fb-8e1b-27ee0477985f}) (Version: 2.3.0.20 - Western Digital Technologies, Inc.)
    Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 16.4.3522.0110 - Microsoft Corporation)
    Wondershare Dr.Fone for iOS(Build 4.6.0.29) (HKLM\...\{A26F8BBD-EC10-4bdc-8AD8-F146825A8A63}_is1) (Version: 4.6.0.29 - Wondershare Software Co.,Ltd.)
     
    ==================== Custom CLSID (selected items): ==========================
     
    (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
     
    CustomCLSID: HKU\S-1-5-21-1522985023-1944121316-2484613009-1163_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\PFerrari\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-1522985023-1944121316-2484613009-1163_Classes\CLSID\{022105BD-948A-40C9-AB42-A3300DDF097F}\localserver32 -> C:\Users\PFerrari\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-1522985023-1944121316-2484613009-1163_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\PFerrari\AppData\Local\Google\Update\1.3.25.5\psuser.dll No File
    CustomCLSID: HKU\S-1-5-21-1522985023-1944121316-2484613009-1163_Classes\CLSID\{22181302-A8A6-4F84-A541-E5CBFC70CC43}\localserver32 -> C:\Users\PFerrari\AppData\Local\Google\Update\1.3.25.11\GoogleUpdateOnDemand.exe (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-1522985023-1944121316-2484613009-1163_Classes\CLSID\{2F0E2680-9FF5-43C0-B76E-114A56E93598}\localserver32 -> C:\Users\PFerrari\AppData\Local\Google\Update\1.3.25.11\GoogleUpdateOnDemand.exe (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-1522985023-1944121316-2484613009-1163_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\PFerrari\AppData\Local\Google\Update\1.3.23.9\psuser.dll No File
    CustomCLSID: HKU\S-1-5-21-1522985023-1944121316-2484613009-1163_Classes\CLSID\{39125640-8D80-11DC-A2FE-C5C455D89593}\InprocServer32 -> C:\Users\PFerrari\AppData\Local\Google\Google Talk Plugin\googletalkax.dll (Google)
    CustomCLSID: HKU\S-1-5-21-1522985023-1944121316-2484613009-1163_Classes\CLSID\{51F9E8EF-59D7-475B-A106-C7EA6F30C119}\localserver32 -> C:\Users\PFerrari\AppData\Local\Google\Update\1.3.25.11\GoogleUpdateOnDemand.exe (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-1522985023-1944121316-2484613009-1163_Classes\CLSID\{7B37E4E2-C62F-4914-9620-8FB5062718CC}\localserver32 -> C:\Users\PFerrari\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-1522985023-1944121316-2484613009-1163_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\PFerrari\AppData\Local\Google\Update\1.3.24.15\psuser.dll No File
    CustomCLSID: HKU\S-1-5-21-1522985023-1944121316-2484613009-1163_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\PFerrari\AppData\Local\Microsoft\SkyDrive\17.3.1229.0918\SkyDriveShell.dll (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-1522985023-1944121316-2484613009-1163_Classes\CLSID\{A45426FB-E444-42B2-AA56-419F8FBEEC61}\InprocServer32 -> C:\Users\PFerrari\AppData\Local\Google\Update\1.3.22.3\psuser.dll No File
    CustomCLSID: HKU\S-1-5-21-1522985023-1944121316-2484613009-1163_Classes\CLSID\{A54D478D-4F70-4F72-9A74-17C9986E35AB}\InprocServer32 -> C:\Users\PFerrari\AppData\Local\Google\Update\1.3.21.165\psuser.dll No File
    CustomCLSID: HKU\S-1-5-21-1522985023-1944121316-2484613009-1163_Classes\CLSID\{AB807329-7324-431B-8B36-DBD581F56E0B}\localserver32 -> C:\Users\PFerrari\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-1522985023-1944121316-2484613009-1163_Classes\CLSID\{AB9F4455-E591-4132-A386-0B91EAEDB96C}\InprocServer32 -> C:\Users\PFerrari\AppData\Local\Google\Google Talk Plugin\o1dax.dll (Google)
    CustomCLSID: HKU\S-1-5-21-1522985023-1944121316-2484613009-1163_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\PFerrari\AppData\Local\Microsoft\SkyDrive\17.3.1229.0918\SkyDriveShell.dll (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-1522985023-1944121316-2484613009-1163_Classes\CLSID\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}\InprocServer32 -> C:\Users\PFerrari\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-1522985023-1944121316-2484613009-1163_Classes\CLSID\{C442AC41-9200-4770-8CC0-7CDB4F245C55}\InprocServer32 -> C:\Users\PFerrari\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-1522985023-1944121316-2484613009-1163_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\PFerrari\AppData\Local\Microsoft\SkyDrive\17.3.1229.0918\SkyDriveShell.dll (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-1522985023-1944121316-2484613009-1163_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\PFerrari\AppData\Local\Google\Update\1.3.25.11\psuser.dll (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-1522985023-1944121316-2484613009-1163_Classes\CLSID\{E67BE843-BBBE-4484-95FB-05271AE86750}\localserver32 -> C:\Users\PFerrari\AppData\Local\Google\Update\1.3.25.11\GoogleUpdateOnDemand.exe (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-1522985023-1944121316-2484613009-1163_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\PFerrari\AppData\Local\Google\Update\1.3.25.11\psuser.dll (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-1522985023-1944121316-2484613009-1163_Classes\CLSID\{EB06378B-ABB6-4B3C-9B40-D488DD8A6E93}\InprocServer32 -> C:\Users\PFerrari\AppData\Local\Google\Update\1.3.22.5\psuser.dll No File
    CustomCLSID: HKU\S-1-5-21-1522985023-1944121316-2484613009-1163_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\PFerrari\AppData\Local\Microsoft\SkyDrive\17.3.1229.0918\SkyDriveShell.dll (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-1522985023-1944121316-2484613009-1163_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\PFerrari\AppData\Local\Microsoft\SkyDrive\17.3.1229.0918\FileSyncApi.dll (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-1522985023-1944121316-2484613009-1163_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\PFerrari\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-1522985023-1944121316-2484613009-1163_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\PFerrari\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-1522985023-1944121316-2484613009-1163_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\PFerrari\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-1522985023-1944121316-2484613009-1163_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\PFerrari\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-1522985023-1944121316-2484613009-1163_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\PFerrari\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-1522985023-1944121316-2484613009-1163_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\PFerrari\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-1522985023-1944121316-2484613009-1163_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\PFerrari\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-1522985023-1944121316-2484613009-1163_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\PFerrari\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-1522985023-1944121316-2484613009-1163_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\PFerrari\AppData\Local\Google\Update\1.3.24.7\psuser.dll No File
     
    ==================== Restore Points  =========================
     
    04-01-2015 00:00:02 Scheduled Checkpoint
    12-01-2015 00:00:03 Scheduled Checkpoint
    19-01-2015 09:34:29 Windows Update
     
    ==================== Hosts content: ==========================
     
    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)
     
    2009-07-13 21:04 - 2009-06-10 16:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
     
    ==================== Scheduled Tasks (whitelisted) =============
     
    (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
     
    Task: {00805D4D-E3DC-4DD6-8CB9-BA39A90FF2A8} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2013-05-13] (Microsoft)
    Task: {07956048-C468-4FB0-BE34-8AEA88609F00} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1522985023-1944121316-2484613009-1163Core => C:\Users\PFerrari\AppData\Local\Google\Update\GoogleUpdate.exe [2013-12-19] (Google Inc.)
    Task: {09EE9ACA-D980-473F-A64F-06CB6AB2A61B} - System32\Tasks\Microsoft Office 15 Sync Maintenance for {0b6ad6a4-7903-4c60-aa4a-c94378725174} pferrari-w7.pann.local => C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [2014-11-04] (Microsoft Corporation)
    Task: {101E9988-40FA-4F80-BEE2-C8DB6201FEA6} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX86\OfficeC2RClient.exe [2014-11-04] (Microsoft Corporation)
    Task: {10780E19-1C44-46D1-86D6-4BA9D80DF852} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-12-11] (Google Inc.)
    Task: {242D471E-459B-4E80-B20C-50BD707302AB} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
    Task: {26337DB9-AAD8-4EC6-A548-6B6D018729B9} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2013-05-13] (Microsoft Corporation)
    Task: {3EAC21A3-5BDB-471E-B75C-C42F6ADD56FA} - System32\Tasks\Endpoint Protection.cloud\Norton Error Processor => C:\Program Files\Symantec.cloud\EndpointProtectionAgent\Engine\21.5.0.19\SymErr.exe [2014-01-30] (Symantec Corporation)
    Task: {6137828A-C45E-4FC2-838B-209CB2B8C9E4} - System32\Tasks\Endpoint Protection.cloud\Norton Error Analyzer => C:\Program Files\Symantec.cloud\EndpointProtectionAgent\Engine\21.5.0.19\SymErr.exe [2014-01-30] (Symantec Corporation)
    Task: {67E9F1AE-5E3A-4D06-BE22-7E4997CD748A} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1522985023-1944121316-2484613009-1163UA => C:\Users\PFerrari\AppData\Local\Google\Update\GoogleUpdate.exe [2013-12-19] (Google Inc.)
    Task: {6ACAE8CF-687B-472C-BA86-FFA466496B26} - System32\Tasks\Onsite_Watchdog => C:\Program Files\FMAuditOnsite\watchdog.bat [2014-11-13] ()
    Task: {80045939-7DD8-415E-AAD9-4643A146E236} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2013-05-13] (Microsoft Corporation)
    Task: {88D1BFC6-3D7F-4B43-9814-CDDB51CA67FF} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
    Task: {922AB765-BEC5-4CB6-9A04-DCD398A59018} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2013-05-13] (Microsoft Corporation)
    Task: {BE9BD7BA-675E-4B32-90F7-BDCC50F6A200} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-01-14] (Adobe Systems Incorporated)
    Task: {C2E4F853-CFE4-4472-89B8-383A2E31D61E} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2013-05-13] (Microsoft Corporation)
    Task: {C59BD806-B6C9-4F4C-9404-2281A5DE07DD} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
    Task: {DE6DDB11-3CD0-4BE9-AC12-EF1C287FBD39} - System32\Tasks\Norton WSC Integration => C:\Program Files\Symantec.cloud\EndpointProtectionAgent\Engine\21.5.0.19\WSCStub.exe [2014-07-31] (Symantec Corporation)
    Task: {F0939790-7F10-4E57-AACF-8D280F75A356} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-12-11] (Google Inc.)
     
    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
     
    Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1522985023-1944121316-2484613009-1163Core.job => C:\Users\PFerrari\AppData\Local\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1522985023-1944121316-2484613009-1163UA.job => C:\Users\PFerrari\AppData\Local\Google\Update\GoogleUpdate.exe
     
    ==================== Loaded Modules (whitelisted) =============
     
    2014-01-20 13:17 - 2014-01-20 13:17 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
    2014-10-11 13:05 - 2014-10-11 13:05 - 01044776 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
    2014-03-21 05:02 - 2014-05-20 02:11 - 00080040 _____ () C:\Program Files\Microsoft Office 15\ClientX86\ApiClient.dll
    2013-12-10 15:40 - 2013-05-24 10:46 - 00068096 _____ () C:\Program Files\BlueBoxUSA\BlueBox\DitSSH\bin\cygrunsrv.exe
    2013-12-10 15:40 - 2013-05-24 10:46 - 00536078 _____ () C:\Program Files\BlueBoxUSA\BlueBox\DitSSH\bin\bash.exe
    2013-12-10 15:40 - 2013-05-24 10:46 - 00031232 _____ () C:\Program Files\BlueBoxUSA\BlueBox\DitSSH\bin\cygintl-8.dll
    2013-12-10 15:40 - 2013-05-24 10:46 - 00044558 _____ () C:\Program Files\BlueBoxUSA\BlueBox\DitSSH\bin\cyggcc_s-1.dll
    2013-12-10 15:40 - 2013-05-24 10:46 - 00167438 _____ () C:\Program Files\BlueBoxUSA\BlueBox\DitSSH\bin\cygreadline7.dll
    2013-12-10 15:40 - 2013-05-24 10:46 - 00249870 _____ () C:\Program Files\BlueBoxUSA\BlueBox\DitSSH\bin\cygncursesw-10.dll
    2009-07-13 16:03 - 2009-07-13 20:15 - 00364544 _____ () C:\Windows\system32\msjetoledb40.dll
    2014-11-13 12:21 - 2014-11-13 12:21 - 00055296 _____ () C:\Program Files\FMAuditOnsite\Web\Bin\Toshiba.Tasks.dll
    2013-12-10 15:40 - 2013-05-24 10:46 - 00408590 _____ () C:\Program Files\BlueBoxUSA\BlueBox\DitSSH\bin\sshd.exe
    2013-12-10 15:40 - 2013-05-24 10:46 - 00006656 _____ () C:\Program Files\BlueBoxUSA\BlueBox\DitSSH\bin\cygcrypt-0.dll
    2013-12-10 15:40 - 2013-05-24 10:46 - 01174542 _____ () C:\Program Files\BlueBoxUSA\BlueBox\DitSSH\bin\cygcrypto-0.9.8.dll
    2013-12-10 15:40 - 2013-05-24 10:46 - 00077838 _____ () C:\Program Files\BlueBoxUSA\BlueBox\DitSSH\bin\cygz.dll
    2013-12-10 15:40 - 2013-05-24 10:46 - 00028174 _____ () C:\Program Files\BlueBoxUSA\BlueBox\DitSSH\bin\cygwrap-0.dll
    2013-12-10 15:40 - 2013-05-24 10:46 - 00008206 _____ () C:\Program Files\BlueBoxUSA\BlueBox\DitSSH\bin\cygssp-0.dll
    2013-11-05 00:22 - 2013-01-14 15:25 - 01200088 _____ () C:\Program Files\Intel\Intel® Management Engine Components\UNS\ACE.dll
    2014-11-10 16:28 - 2014-11-10 16:28 - 00081056 _____ () C:\Users\PFerrari\AppData\Local\Microsoft\SkyDrive\17.3.1229.0918\LoggingPlatform.DLL
    2012-09-13 00:38 - 2012-09-13 00:38 - 02144104 _____ () C:\Program Files\Logitech\LWS\Webcam Software\QtCore4.dll
    2012-09-13 00:38 - 2012-09-13 00:38 - 07955304 _____ () C:\Program Files\Logitech\LWS\Webcam Software\QtGui4.dll
    2012-09-13 00:38 - 2012-09-13 00:38 - 00341352 _____ () C:\Program Files\Logitech\LWS\Webcam Software\QtXml4.dll
    2012-09-13 00:38 - 2012-09-13 00:38 - 00028008 _____ () C:\Program Files\Logitech\LWS\Webcam Software\imageformats\QGif4.dll
    2012-09-13 00:38 - 2012-09-13 00:38 - 00127336 _____ () C:\Program Files\Logitech\LWS\Webcam Software\imageformats\QJpeg4.dll
    2013-11-05 00:23 - 2011-06-24 14:12 - 00965760 _____ () C:\Program Files\Conexant\SAII\SmartAudio.Desktop.dll
    2012-09-13 00:38 - 2012-09-13 00:38 - 00264040 _____ () C:\Program Files\Logitech\LWS\Webcam Software\CameraHelperShell.exe
    2012-09-13 00:39 - 2012-09-13 00:39 - 00336232 _____ () C:\Program Files\Common Files\logishrd\LWSPlugins\LWS\Applets\CameraHelper\DevManagerCore.dll
    2011-12-07 03:15 - 2011-12-07 03:15 - 00369152 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
    2011-11-30 14:37 - 2011-11-30 14:37 - 00016384 _____ () c:\Program Files\ATI Technologies\ATI.ACE\Branding\Branding.dll
    2014-10-21 19:22 - 2014-10-21 19:22 - 00750080 _____ () C:\Users\PFerrari\AppData\Roaming\Dropbox\bin\libGLESv2.dll
    2015-01-19 11:54 - 2015-01-19 11:54 - 00043008 _____ () c:\users\pferrari\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpxhspbi.dll
    2014-10-21 19:22 - 2014-10-21 19:22 - 00047616 _____ () C:\Users\PFerrari\AppData\Roaming\Dropbox\bin\libEGL.dll
    2014-10-21 19:22 - 2014-10-21 19:22 - 00863744 _____ () C:\Users\PFerrari\AppData\Roaming\Dropbox\bin\plugins\platforms\qwindows.dll
    2014-10-21 19:22 - 2014-10-21 19:22 - 00200704 _____ () C:\Users\PFerrari\AppData\Roaming\Dropbox\bin\plugins\imageformats\qjpeg.dll
    2014-10-11 13:05 - 2014-10-11 13:05 - 00237352 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxslt.dll
    2015-01-17 00:19 - 2015-01-08 19:35 - 01077064 _____ () C:\Program Files\Google\Chrome\Application\39.0.2171.99\libglesv2.dll
    2015-01-17 00:19 - 2015-01-08 19:35 - 00211272 _____ () C:\Program Files\Google\Chrome\Application\39.0.2171.99\libegl.dll
    2015-01-17 00:19 - 2015-01-08 19:35 - 09009480 _____ () C:\Program Files\Google\Chrome\Application\39.0.2171.99\pdf.dll
    2015-01-17 00:19 - 2015-01-08 19:35 - 01677128 _____ () C:\Program Files\Google\Chrome\Application\39.0.2171.99\ffmpegsumo.dll
    2015-01-17 00:19 - 2015-01-08 19:35 - 14913352 _____ () C:\Program Files\Google\Chrome\Application\39.0.2171.99\PepperFlash\pepflashplayer.dll
     
    ==================== Alternate Data Streams (whitelisted) =========
     
    (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
     
     
    ==================== Safe Mode (whitelisted) ===================
     
    (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
     
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys => ""="Driver"
     
    ==================== EXE Association (whitelisted) =============
     
    (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
     
     
    ==================== MSCONFIG/TASK MANAGER disabled items =========
     
    (Currently there is no automatic fix for this section.)
     
    MSCONFIG\Services: DSClientService => 2
    MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^docSTAR 3.10.lnk => C:\Windows\pss\docSTAR 3.10.lnk.CommonStartup
    MSCONFIG\startupfolder: C:^Users^PFerrari^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk => C:\Windows\pss\Dropbox.lnk.Startup
    MSCONFIG\startupreg: Google Update => "C:\Users\PFerrari\AppData\Local\Google\Update\GoogleUpdate.exe" /c
    MSCONFIG\startupreg: iCloudServices => C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe
    MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"
    MSCONFIG\startupreg: Skype => "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
     
    ========================= Accounts: ==========================
     
    Administrator (S-1-5-21-1524435-752145541-170011291-500 - Administrator - Disabled)
    ASPNET (S-1-5-21-1524435-752145541-170011291-1002 - Limited - Enabled)
    Directit (S-1-5-21-1524435-752145541-170011291-1000 - Administrator - Enabled) => C:\Users\Directit
    Guest (S-1-5-21-1524435-752145541-170011291-501 - Limited - Disabled)
     
    ==================== Faulty Device Manager Devices =============
     
     
    ==================== Event log errors: =========================
     
    Application errors:
    ==================
     
    System errors:
    =============
     
    Microsoft Office Sessions:
    =========================
     
    CodeIntegrity Errors:
    ===================================
      Date: 2014-11-28 15:47:51.651
      Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.
     
      Date: 2014-11-09 22:37:50.163
      Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.
     
      Date: 2014-10-21 23:31:00.290
      Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.
     
      Date: 2014-10-21 23:22:35.401
      Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.
     
      Date: 2014-10-21 22:39:02.568
      Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.
     
      Date: 2014-10-15 01:40:34.070
      Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.
     
      Date: 2014-10-05 14:47:47.180
      Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.
     
      Date: 2014-10-05 14:28:25.155
      Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.
     
      Date: 2014-09-07 23:13:25.257
      Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.
     
      Date: 2014-09-07 22:56:04.683
      Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.
     
     
    ==================== Memory info =========================== 
     
    Processor: Intel® Core™ i3-3220 CPU @ 3.30GHz
    Percentage of memory in use: 64%
    Total physical RAM: 3570.08 MB
    Available physical RAM: 1254.48 MB
    Total Pagefile: 7138.45 MB
    Available Pagefile: 3831.68 MB
    Total Virtual: 2047.88 MB
    Available Virtual: 1900.47 MB
     
    ==================== Drives ================================
     
    Drive c: (OS) (Fixed) (Total:232.11 GB) (Free:90.76 GB) NTFS
    Drive h: (Data) (Network) (Total:1640.16 GB) (Free:992.88 GB) NTFS
    Drive p: (Data) (Network) (Total:1640.16 GB) (Free:992.88 GB) NTFS
    Drive s: (Data) (Network) (Total:1640.16 GB) (Free:992.88 GB) NTFS
     
    ==================== MBR & Partition Table ==================
     
    ========================================================
    Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 232.9 GB) (Disk ID: 80F4BE54)
    Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
    Partition 2: (Active) - (Size=750 MB) - (Type=07 NTFS)
    Partition 3: (Not Active) - (Size=232.1 GB) - (Type=07 NTFS)
     
    ==================== End Of Log ============================


    #11 ken545


      Malware Response Team



    Posted 19 January 2015 - 01:53 PM

    I am going to attach a file named Fixlist. Download it to your desktop, where you are running FRST from, then open FRST and click on Fix. It will reboot your computer and you will see a Fixlog on your desktop. Post it please.



    #12 pferrari


    Posted 19 January 2015 - 02:32 PM

    I had to close the program the first time it ran because it froze in the middle of fixing and just kept spinning. When I reopened it and clicked Fix, this is the log I got after restart:

     

    Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 19-01-2015
    Ran by pFerrari at 2015-01-19 14:22:30 Run:2
    Running from C:\Users\PFerrari\Desktop
    Loaded Profiles: pFerrari (Available profiles: pFerrari & Administrator & Directit)
    Boot Mode: Normal
     
    ==============================================
     
    Content of fixlist:
    *****************
    Start
    CloseProcesses:
    HKU\S-1-5-21-1522985023-1944121316-2484613009-1163\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
    SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
    SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
    SearchScopes: HKU\S-1-5-21-1522985023-1944121316-2484613009-1163 -> {938931C2-EBF8-4CF1-9BD3-6CA597AF16F8} URL = 
    CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - No Path
    CMD: ipconfig /flushdns
    Hosts:
    EmptyTemp:
    End
     
     
     
     
    *****************
     
    Processes closed successfully.
    HKU\S-1-5-21-1522985023-1944121316-2484613009-1163\SOFTWARE\Policies\Microsoft\Internet Explorer => Key not found. 
    HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value not found.
    HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value not found.
    HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value not found.
    HKU\S-1-5-21-1522985023-1944121316-2484613009-1163\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{938931C2-EBF8-4CF1-9BD3-6CA597AF16F8} => Key not found. 
    HKCR\CLSID\{938931C2-EBF8-4CF1-9BD3-6CA597AF16F8} => Key not found. 
    HKLM\SOFTWARE\Google\Chrome\Extensions\iikflkcanblccfahdhdonehdalibjnif => Key not found. 
     
    =========  ipconfig /flushdns =========
     
     
    Windows IP Configuration
     
    Successfully flushed the DNS Resolver Cache.
     
    ========= End of CMD: =========
     
    C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
    Hosts was reset successfully.
    EmptyTemp: => Removed 21 KB temporary data.
     
     
    The system needed a reboot. 
     
    ==== End of Fixlog 14:22:32 ====


    #13 ken545


      Malware Response Team



    Posted 19 January 2015 - 02:36 PM

    Let's remove all traces of this pest in all your browsers.

     

    Internet Explorer
     
    • Open Internet Explorer
    • Click on Tools up on the top right
    • Click on Manage Add-ons from the dropdown list
    • In this window you can manage the Internet Explorer add-ons
    • Click on Search Providers
    • Click on the option Toolbars and Extensions on the left side of the window.
    • Then click on the malicious items to remove AZLyrics
    • Make Google your default
    • Close IE and then open it again and see if AZLyrics are gone

    Chrome
     
    • Open Chrome
    • Click the Chrome menu on the browser toolbar.
    • Click on Settings
    • Then Manage Search Engines
    • Highlight AZLyrics and select Delete
    • Then go to Other Search Engines and remove all you don't want

    • Click the Chrome menu on the browser toolbar.
    • Click on Settings
    • Open a specific page or set of pages.
    • Set Pages
    • Remove AZLyrics if present
    • You can copy and paste the URL from a page you like, or if you have that page open, select use current
    • OK your way out and close Chrome.
    • Reopen Chrome and make sure your start page is the one you want

    • Open Chrome
    • Click the Chrome menu on the browser toolbar.
    • Click on History
    • Click on Clear Browsing History
    • Check:
      1. Browsing History
      2. Cookies and Site Plug Ins
      3. Cached Images and Files
    • Then OK your way out and close Chrome

    • Open Chrome
    • Click the Chrome menu on the browser toolbar.
    • Then go to Settings > Show Advanced Settings
    • Then go to Privacy > Content Settings
    • Plug Ins > Manage Exceptions > Delete any reference to AZLyrics
    • Pop Ups > Manage Exceptions > Remove any reference to AZLyrics
    • OK your way out and close Chrome, then reopen it and see if AZLyrics are gone from your pages

    Firefox
     
  • Open Firefox
  • Up on the top right in the Search Box, click on the down arrow and select Manage Search Engines
  • Highlight AZLyrics and select Delete

    Then let me know how your system is behaving now?

    Consumer Security 2007-2008-2009-2010-2011-2012-2013-2014

    Please consider a donation to help me keep up my fight against malware.


    Just a reminder that threads will be closed if no response in 3 days
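
The Chrome checks in the post above can also be confirmed against the profile on disk, which is where the original detection pointed (a Local Storage file named after the site). The following is an added example, not part of the original thread or of any tool used in it: the function names, the sample `Preferences` keys and the sample profile are assumptions constructed for illustration.

```python
import json
import tempfile
from pathlib import Path

def walk_json(node, needle, path="$"):
    """Yield (json_path, text) for each key or string value containing needle."""
    if isinstance(node, dict):
        for key, value in node.items():
            child = f"{path}.{key}"
            if needle in key.lower():
                yield child, key
            yield from walk_json(value, needle, child)
    elif isinstance(node, list):
        for i, value in enumerate(node):
            yield from walk_json(value, needle, f"{path}[{i}]")
    elif isinstance(node, str) and needle in node.lower():
        yield path, node

def scan_profile(profile_dir, needle):
    """Report leftover references to needle in one Chrome profile directory."""
    needle, profile = needle.lower(), Path(profile_dir)
    # File names: Local Storage entries are named after the site's origin.
    files = sorted(p.relative_to(profile).as_posix() for p in profile.rglob("*")
                   if p.is_file() and needle in p.name.lower())
    prefs, settings = profile / "Preferences", []
    if prefs.is_file():
        try:
            settings = list(walk_json(json.loads(prefs.read_text("utf-8")), needle))
        except (ValueError, UnicodeDecodeError):
            settings = [("$", "Preferences unreadable; inspect manually")]
    return {"files": files, "preferences": settings}

def demo():
    """Scan a constructed sample profile (not data from the machine in this thread)."""
    with tempfile.TemporaryDirectory() as tmp:
        profile = Path(tmp) / "Default"
        (profile / "Local Storage").mkdir(parents=True)
        (profile / "Local Storage" / "http_www.azlyrics.com-0.localstorage").write_bytes(b"")
        sample = {"session": {"startup_urls": ["http://www.azlyrics.com/", "https://www.google.com/"]},
                  # Assumed layout for a pop-up exception; real key names vary by Chrome version.
                  "exceptions": {"popups": {"[*.]azlyrics.com,*": {"setting": 1}}}}
        (profile / "Preferences").write_text(json.dumps(sample), encoding="utf-8")
        return scan_profile(profile, "AZLyrics")

if __name__ == "__main__":
    for kind, found in demo().items():
        print(kind, found)
```

Run `scan_profile` with Chrome closed, pointing it at the profile's `Default` folder; an empty result for both lists matches a clean check in the browser's settings pages.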


    #14 pferrari

    • Topic Starter


    Posted 19 January 2015 - 02:52 PM

    I did everything for Internet Explorer and Chrome. I didn't find anything related to AZLyrics at all.



    #15 ken545

      Malware Response Team



    Posted 19 January 2015 - 03:37 PM

    Great, how is your system behaving now?

